Stored XSS in HAProxy / haproxy_listeners_edit.php
There is a stored XSS on haproxy_listeners.php via parameters submitted on haproxy_listeners_edit.php:
The following parameters are not encoded before display back to the user:
Since these are free-form, they can't be fully validated, so adding encoding is sufficient.
#1 Updated by Jim Pingle about 2 months ago
- Status changed from New to Feedback
- Private changed from Yes to No
fix committed in haproxy pkg v 0.59_16 and haproxy-devel pkg v 0.59_17
Package is now available for 2.4.4 users.