65 matches found
CVE-2023-50727 Resque vulnerable to reflected XSS in Queue Endpoint
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /". This issue has been patched in version 2.6.0...
CVE-2023-50725
CVE-2023-50725 affects the Resque library’s web UI (resque-web) where two paths, “/failed/?class=” and “/queues/>”, allow reflected XSS. The root cause is improper input validation on those endpoints. Impact stated across sources: remote authenticated attacker could lure a user to click a craf...
CVE-2023-50725 Resque vulnerable to reflected XSS in resque-web failed and queues lists
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=alertdocument.cookie" and "/queues/". This issue has been patched in...
Resque Cross-Site Scripting Vulnerability
Resque is a Redis-powered library open-sourced by Resque for creating background jobs, placing them on multiple queues and processing them later. A cross-site scripting vulnerability exists in versions of Resque prior to 2.2.1, which stems from vulnerability to reflective cross-site scripting XSS...
Resque Cross-Site Scripting Vulnerability
Resque is a Redis-powered library open-sourced by Resque for creating background jobs, placing them on multiple queues and processing them later. A cross-site scripting vulnerability exists in versions of Resque prior to 2.6.0, which stems from vulnerability to reflective cross-site scripting XSS...
CVE-2023-50724
Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the currentqueue parameter in the path of the queues endpoin...
Design/Logic Flaw
Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the currentqueue parameter in the path of the queues endpoin...
CVE-2023-50724 Resque vulnerable to reflected cross site scripting through pathname
Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the currentqueue parameter in the path of the queues endpoin...
CVE-2023-50724
Summary: CVE-2023-50724 affects the Resque project, specifically the resque-web component prior to version 2.1.0, which is vulnerable to reflected XSS via the current_queue parameter in the queues endpoint path. The issue has been patched in 2.1.0. What’s affected: Resque and its resque-web inter...
Resque Cross-Site Scripting Vulnerability
Resque Scheduler is an open-source, lightweight job scheduling system built on Resque. Resque versions before 2.1.0 have a cross-site scripting vulnerability, which stems from the currentqueue parameter in the path of the queues endpoint being susceptible to reflected cross-site scripting XSS...
Cross-site Scripting (XSS)
Overview: resque-scheduler is a light-weight job scheduling system built on top of Resque. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the schedulejob or args parameters in the /resque/delayed/jobs/schedulejob?args=argsid URL. An attacker can inject malicious...
Cross-Site Scripting (XSS)
resque is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of sanitization in the htmlescape parameter for the currentqueue function. This allows an attacker to manipulate the currentqueue parameter in the request URL. This can lead to arbitrary HTML or JavaScript code...
Cross Site Scripting (XSS)
resque-scheduler is vulnerable to Reflected Cross Site Scripting (XSS). The vulnerability is due to a lack of sanitization of the schedulejob or args parameter while processing a /resque/delayed/jobs/schedulejob?args=argsid request. An attacker can send a maliciously crafted URL replacing schedulejob or the...
Cross Site Scripting (XSS)
resque is vulnerable to Reflected Cross Site Scripting XSS. The vulnerability is due to not sanitizing and escaping the currentqueue portion of the path action tag in HTML form on the /queues endpoint of the resque-web component. This can lead to Reflected XSS when the view related to the /queues...
Cross Site Scripting (XSS)
resque is vulnerable to Reflected Cross Site Scripting XSS. The vulnerability is caused due to not sanitizing and escaping HTML while displaying failed queue lists related web pages of the resque-web component. An attacker can make a user click on a malicious link leading to Reflected XSS when th...
GHSA-R8XX-8VM8-X6WJ Resque vulnerable to Reflected Cross Site Scripting through pathnames
Impact: resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the currentqueue parameter in the path of the queues endpoint. Patches: v2.1.0. Workarounds: No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web...
Resque vulnerable to Reflected Cross Site Scripting through pathnames
Impact: resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the currentqueue parameter in the path of the queues endpoint. Patches: v2.1.0. Workarounds: No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web...