9 matches found
CVE-2026-7460 mailcow-dockerized 2026-03b - Stored XSS in Queue Manager via unescaped
mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML...
CVE-2023-50727 Resque vulnerable to reflected XSS in Queue Endpoint
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. A reflected XSS issue occurs when /queues is appended with /". This issue has been patched in version 2.6.0...
Resque Cross-Site Scripting Vulnerability
Resque Scheduler is an open-source, lightweight job scheduling system built on Resque. Resque versions before 2.1.0 contain a cross-site scripting vulnerability: the currentqueue parameter in the queue endpoint path allows reflected cross-site scripting (XSS)...
Resque vulnerable to reflected XSS in Queue Endpoint
Impact: Reflected XSS can be performed using the currentqueue portion of the path on the /queues endpoint of resque-web. Patches: v2.6.0. Workarounds: No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched...
SUSE CVE-2017-1000399
The remote API at /queue/item/ID/api in Jenkins 2.73.1 and earlier, 2.83 and earlier, showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This h...
CVE-2022-46955
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=savequeue...
PT-2023-15116 · Unknown · Dynamic Transaction Queuing System
Name of the Vulnerable Software and Affected Versions: Dynamic Transaction Queuing System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/ajax.php?action=save queue" API endpoint...