Resque Security Vulnerabilities
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=alert(document.cookie)" and "/queues/>". This issue has been patche...
6.3CVSS
6.2AI Score
0.001EPSS
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /">. This issue has been patched in version...
6.3CVSS
6AI Score
0.001EPSS
Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the current_queue parameter in the path of the queues...
6.3CVSS
6AI Score
0.001EPSS
Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client...
6.1CVSS
6.3AI Score
0.001EPSS