65 matches found
PT-2022-27174 · Unknown · Resque Scheduler
Name of the Vulnerable Software and Affected Versions: Resque Scheduler version 1.27.4
Description: A remote attacker could inject JavaScript code into the schedule_job or args parameters in "/resque/delayed/jobs/{schedule_job}?args={args_id}" to execute JavaScript at the client side, resulting in a...
CVE-2022-44303
CVE-2022-44303 affects Resque Scheduler (Resque Scheduler 1.27.4 and above). The vulnerability is a cross-site scripting (XSS) flaw exploitable via the schedule_job or args parameters in the URL path /resque/delayed/jobs/{schedule_job}?args={args_id}, allowing an attacker to inject JavaScript tha...
Cross-site Scripting (XSS)
resque-scheduler is vulnerable to cross-site scripting (XSS). The attack exists because it does not sanitize the input parameter value in the delayed/search page...
Cross-Site Scripting (XSS)
resque-cleaner is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the klass, from, to, page and exception parameters...
Cross-Site Scripting (XSS)
resque is vulnerable to cross-site scripting. User input is not HTML encoded in lib/resque/server/views/queues.erb before being displayed in a user's browser, which would allow remote attackers to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions o...