CVSS3: 6.3 Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE
AI Score: 7.1 High
Confidence: High
EPSS: 0.001 Low
Percentile: 20.4%
The following paths in resque-web have been found to be vulnerable to reflected XSS:
/failed/?class=<script>alert(document.cookie)</script>
/queues/><img src>
Patched version: v2.2.1
No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched your application.
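To check whether links of this kind were already requested against a deployment, the following added example (not part of the advisory or of resque) scans access-log lines for requests to the two paths above whose reflected input decodes to HTML metacharacters. The sample log lines, the /resque mount prefix and the function names are constructed for illustration.

```ruby
require "uri"

# Constructed sample access-log lines (not real traffic). The /resque mount
# prefix is an assumption; resque-web may be mounted anywhere.
SAMPLE_LOG = <<~LOG
  203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /resque/failed/?class=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 512
  203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /resque/queues/%3E%3Cimg%20src%3E HTTP/1.1" 200 498
  198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /resque/failed/?class=ImageResizeJob HTTP/1.1" 200 2048
  198.51.100.7 - - [01/Jan/2024:10:01:30 +0000] "GET /resque/queues/mailers HTTP/1.1" 200 1024
LOG

REQUEST_RE = %r{"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"}
MARKUP_RE  = /[<>"']/

# Percent-decode twice so double-encoded markup is also caught.
def decode(str)
  2.times { str = (URI.decode_www_form_component(str) rescue str) }
  str.scrub
end

# Decoded value of the "class" query parameter, or nil if absent.
def class_param(query)
  query.to_s.split("&").each do |pair|
    key, value = pair.split("=", 2)
    return decode(value.to_s) if decode(key.to_s) == "class"
  end
  nil
end

# Returns [client_ip, decoded_value] for requests to the two advisory paths
# whose reflected input contains HTML metacharacters.
def suspicious_requests(log)
  log.each_line.map do |line|
    target = line[REQUEST_RE, 1]
    next unless target
    path, query = target.split("?", 2)
    value =
      if path.match?(%r{/failed/?\z})
        class_param(query)          # /failed reflects ?class=
      elsif (m = path.match(%r{/queues/(.+)\z}))
        decode(m[1])                # /queues/<name> reflects the path segment
      end
    [line.split(" ", 2).first, value] if value && value.match?(MARKUP_RE)
  end.compact
end

suspicious_requests(SAMPLE_LOG).each { |ip, v| puts "#{ip}\t#{v.inspect}" }
```

Legitimate job class and queue names do not normally contain these characters, so hits are worth reviewing together with the Referer and the session that made the request.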
github.com/resque/resque
github.com/resque/resque/commit/ee99d2ed6cc75d9d384483b70c2d96d312115f07
github.com/resque/resque/pull/1790
github.com/resque/resque/security/advisories/GHSA-gc3j-vvwf-4rp8
github.com/rubysec/ruby-advisory-db/blob/master/gems/resque/CVE-2023-50725.yml
nvd.nist.gov/vuln/detail/CVE-2023-50725