65 matches found
GHSA-GC3J-VVWF-4RP8 Resque vulnerable to reflected XSS in resque-web failed and queues lists
Impact The following paths in resque-web have been found to be vulnerable to reflected XSS: /failed/?class=alertdocument.cookie /queues/ Patches v2.2.1 Workarounds No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until y...
Resque vulnerable to reflected XSS in resque-web failed and queues lists
Impact The following paths in resque-web have been found to be vulnerable to reflected XSS: /failed/?class=alertdocument.cookie /queues/ Patches v2.2.1 Workarounds No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until y...
Resque vulnerable to reflected XSS in Queue Endpoint
Impact Reflected XSS can be performed using the currentqueue portion of the path on the /queues endpoint of resque-web. Patches v2.6.0 Workarounds No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched...
GHSA-R9MQ-M72X-257G Resque vulnerable to reflected XSS in Queue Endpoint
Impact Reflected XSS can be performed using the currentqueue portion of the path on the /queues endpoint of resque-web. Patches v2.6.0 Workarounds No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched...
GHSA-9HMQ-FM33-X4XX Resque Scheduler Reflected XSS In Delayed Jobs View
Impact Resque Scheduler version 1.27.4 and above are affected by a cross-site scripting vulnerability. A remote attacker can inject javascript code to the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute javascript at client side. Patches Fixed in v4.10...
Resque Scheduler Reflected XSS In Delayed Jobs View
Impact Resque Scheduler version 1.27.4 and above are affected by a cross-site scripting vulnerability. A remote attacker can inject javascript code to the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute javascript at client side. Patches Fixed in v4.10...
PT-2023-31623 · Resque · Resque
Name of the Vulnerable Software and Affected Versions: Resque versions prior to 2.1.0 Description: The issue is related to reflected Cross Site Scripting XSS through the current queue parameter in the path of the queues endpoint. This allows for potential exploitation by manipulating the endpoint...
PT-2023-31624 · Resque · Resque
Name of the Vulnerable Software and Affected Versions: Resque versions prior to 2.2.1 Description: The issue concerns a reflected XSS vulnerability in the resque-web component of the Resque library. Specifically, the vulnerability affects the following paths: "/failed/?class=alertdocument.cookie"...
Resque vulnerable to reflected XSS in resque-web failed and queues lists
Impact The following paths in resque-web have been found to be vulnerable to reflected XSS: /failed/?class=alertdocument.cookie /queues/ Patches v2.2.1 Workarounds No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until y...
Resque vulnerable to Reflected Cross Site Scripting through pathnames
Impact resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the currentqueue parameter in the path of the queues endpoint. Patches v2.1.0 Workarounds No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web...
Resque Scheduler Reflected XSS In Delayed Jobs View
Impact Resque Scheduler version 1.27.4 and above are affected by a cross-site scripting vulnerability. A remote attacker can inject javascript code to the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute javascript at client side. Patches Fixed in v4.10...
Resque vulnerable to reflected XSS in Queue Endpoint
Impact Reflected XSS can be performed using the currentqueue portion of the path on the /queues endpoint of resque-web. Patches v2.6.0 Workarounds No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched...
Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9hmq-fm33-x4xx. This link is maintained to preserve external references. Original Description Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript...
GHSA-Q7JC-V6F2-Q9JR Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9hmq-fm33-x4xx. This link is maintained to preserve external references. Original Description Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript...
CVE-2022-44303
Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript code to the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute javascript at client side...
CVE-2022-44303
Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript code to the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute javascript at client side...
Cross site scripting
Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript code to the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute javascript at client side...
Resque Scheduler 跨站脚本漏洞
Resque Scheduler is Resque open source a lightweight job scheduling system built on Resque . Resque Scheduler version 1.27.4 security vulnerability , the vulnerability stems from the vulnerability to cross-site scripting XSS attacks , a remote attacker can inject javascript code into...
PT-2022-27174 · Unknown · Resque Scheduler
Name of the Vulnerable Software and Affected Versions: Resque Scheduler version 1.27.4 Description: A remote attacker could inject javascript code to the schedule job or args parameters in "/resque/delayed/jobs/schedule job?args=args id" to execute javascript at the client side, resulting in a...
CVE-2022-44303
CVE-2022-44303 affects Resque Scheduler (Resque Scheduler 1.27.4 and above). The vulnerability is a cross-site scripting (XSS) flaw exploitable via the schedule_job or args parameters in the URL path /resque/delayed/jobs/{schedule_job}?args={args_id}, allowing an attacker to inject JavaScript tha...