11 matches found
EUVD-2023-3207
Malicious code in bioql PyPI...
CVE-2023-50725 Resque vulnerable to reflected XSS in resque-web failed and queues lists
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=alertdocument.cookie" and "/queues/". This issue has been patched in...
CVE-2023-50724 Resque vulnerable to reflected cross site scripting through pathname
Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoin...
CVE-2023-50724
Summary: CVE-2023-50724 affects the Resque project, specifically the resque-web component prior to version 2.1.0, which is vulnerable to reflected XSS via the current_queue parameter in the queues endpoint path. The issue has been patched in 2.1.0. What’s affected: Resque and its resque-web inter...
Cross Site Scripting (XSS)
resque is vulnerable to Reflected Cross Site Scripting (XSS). The vulnerability is due to not sanitizing and escaping the current_queue portion of the path action tag in HTML form on the /queues endpoint of the resque-web component. This can lead to Reflected XSS when the view related to the /queues...
GHSA-GC3J-VVWF-4RP8 Resque vulnerable to reflected XSS in resque-web failed and queues lists
Impact: The following paths in resque-web have been found to be vulnerable to reflected XSS: /failed/?class=alertdocument.cookie and /queues/. Patches: v2.2.1. Workarounds: No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until y...
Resque vulnerable to reflected XSS in resque-web failed and queues lists
Impact: The following paths in resque-web have been found to be vulnerable to reflected XSS: /failed/?class=alertdocument.cookie and /queues/. Patches: v2.2.1. Workarounds: No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until y...
Resque vulnerable to reflected XSS in Queue Endpoint
Impact: Reflected XSS can be performed using the current_queue portion of the path on the /queues endpoint of resque-web. Patches: v2.6.0. Workarounds: No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched...
Resque vulnerable to reflected XSS in Queue Endpoint
Impact: Reflected XSS can be performed using the current_queue portion of the path on the /queues endpoint of resque-web. Patches: v2.6.0. Workarounds: No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched...
Resque vulnerable to reflected XSS in resque-web failed and queues lists
Impact: The following paths in resque-web have been found to be vulnerable to reflected XSS: /failed/?class=alertdocument.cookie and /queues/. Patches: v2.2.1. Workarounds: No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until y...
PT-2023-31624 · Resque · Resque
Name of the Vulnerable Software and Affected Versions: Resque versions prior to 2.2.1 Description: The issue concerns a reflected XSS vulnerability in the resque-web component of the Resque library. Specifically, the vulnerability affects the following paths: "/failed/?class=alertdocument.cookie"...