5.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
0.0004 Low
EPSS
Percentile
15.7%
A reflected Cross-site scripting (XSS) vulnerability was found in Rubygem Sidekiq. The value of the substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the application. An attacker could exploit this to target the users of the Sidekiq Web UI and users of other applications deployed on the same domain or website as that of the Sidekiq website. This issue potentially compromises user accounts and data, forcing the users to perform sensitive actions that involve stealing sensitive data, performing CORS attacks, or defacement of the web application.