2025-09-09 19:43:30
VulnCheck
PUBLISHED
In pfSense CEĀ /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.