6 matches found
Cross-site Scripting (XSS)
Overview resque-scheduler is a light-weight job scheduling system built on top of Resque Affected versions of this package are vulnerable to Cross-site Scripting XSS via the schedulejob or args parameters in the /resque/delayed/jobs/schedulejob?args=argsid URL. An attacker can inject malicious...
Resque Scheduler Reflected XSS In Delayed Jobs View
Impact Resque Scheduler version 1.27.4 and above are affected by a cross-site scripting vulnerability. A remote attacker can inject javascript code to the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute javascript at client side. Patches Fixed in v4.10...
GHSA-Q7JC-V6F2-Q9JR Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9hmq-fm33-x4xx. This link is maintained to preserve external references. Original Description Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript...
CVE-2022-44303
Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript code to the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute javascript at client side...
PT-2022-27174 · Unknown · Resque Scheduler
Name of the Vulnerable Software and Affected Versions: Resque Scheduler version 1.27.4 Description: A remote attacker could inject javascript code to the schedule job or args parameters in "/resque/delayed/jobs/schedule job?args=args id" to execute javascript at the client side, resulting in a...
Resque Scheduler 跨站脚本漏洞
Resque Scheduler is Resque open source a lightweight job scheduling system built on Resque . Resque Scheduler version 1.27.4 security vulnerability , the vulnerability stems from the vulnerability to cross-site scripting XSS attacks , a remote attacker can inject javascript code into...