Bug #16411: Potential XSS in HAProxy Package
Status: closed
% Done: 100%
Description
There is a potential reflected cross-site scripting vulnerability in the HAProxy package: /usr/local/www/haproxy/haproxy_stats.php writes the value of the showsticktablecontent GET parameter into the page without HTML-encoding it.
Reported by Alex Williams of Pellera Technology via VulnCheck (CVE-2025-34172).
While looking at that, I also found that the showstatresolvers code path references $sticktablename, but it isn't relevant on that code path. The only possible item to display is globalresolvers, so it doesn't need to use any user input for that action.
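To make the two points of the report concrete, here is an added illustration in PHP (the language of the affected file); it is not code from the pfSense HAProxy package. It contrasts the unencoded output pattern the report describes with a hardened version that validates the parameter against a list of known stick tables and encodes it on output, and it shows the resolver action taking no user input at all. The function names, the table list and the request array are constructed for the example.

```php
<?php
// Added illustration, not the HAProxy package's own code. Function names,
// the table list and the request below are assumptions made for this example.

// Constructed stand-in for the set of stick tables the page could legitimately show.
$known_stick_tables = ['http_req_rate', 'conn_rate_by_src'];

// Vulnerable pattern (what the report describes): the GET value is placed in
// the HTML unchanged, so any markup it contains is interpreted by the browser.
function render_sticktable_header_unsafe(array $get): string {
    $sticktablename = $get['showsticktablecontent'] ?? '';
    return "<h2>Stick table: " . $sticktablename . "</h2>";
}

// Hardened pattern: accept only a known table name, then encode on output.
function render_sticktable_header_safe(array $get, array $known): string {
    $sticktablename = $get['showsticktablecontent'] ?? '';
    if (!in_array($sticktablename, $known, true)) {
        return "<h2>Unknown stick table</h2>";
    }
    // ENT_QUOTES encodes both quote styles, so the value is safe in element
    // text and in attribute values; ENT_SUBSTITUTE avoids empty output on bad UTF-8.
    $safe = htmlspecialchars($sticktablename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h2>Stick table: " . $safe . "</h2>";
}

// Resolver path: the only item to display is globalresolvers, so the action
// is rendered from a constant and reads no request parameter (second point of the report).
function render_resolvers_header(): string {
    return "<h2>Resolvers: globalresolvers</h2>";
}

// Constructed request whose parameter value carries HTML markup.
$request = ['showsticktablecontent' => '<em>not-a-table</em>'];

echo render_sticktable_header_unsafe($request), "\n";
echo render_sticktable_header_safe($request, $known_stick_tables), "\n";
echo render_sticktable_header_safe(['showsticktablecontent' => 'http_req_rate'], $known_stick_tables), "\n";
echo render_resolvers_header(), "\n";
```

Running the file shows the unsafe renderer passing the markup through verbatim, while the hardened renderer rejects the unknown name and, for a known name, prints it encoded. The allowlist check removes the need to trust the parameter at all, and the encoding call is the defence that still holds if the list check is ever bypassed or forgotten on another code path.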
Updated by Jim Pingle about 2 months ago
- % Done changed from 0 to 100
New package build is now published and available for Plus 25.07.1, Plus 25.07, CE 2.8.1, and CE 2.8.0.