Cross Site Scripting (XSS)

resque-scheduler is vulnerable to Reflected Cross Site Scripting XSS. The vulnerability is due to lack of schedulejob or args parameter sanitizion while processing a /resque/delayed/jobs/schedulejob?args=argsid request. An attacker can send a maliciously crafted url replacing schedulejob or the...