CVSS3: 6.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
AI Score: 5.5 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 20.6%)

resque is vulnerable to Reflected Cross Site Scripting (XSS). The vulnerability is due to not sanitizing and escaping the current_queue portion of the path (the action attribute of the HTML form) on the /queues endpoint of the resque-web component. This can lead to Reflected XSS when the view related to the /queues endpoint (/views/queues.erb) is rendered in the browser.
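
The unescaped and escaped forms of such a view, side by side, as an added example that is not resque's own code. The one-line templates, the helper names and the sample queue name are hypothetical and constructed for illustration; only current_queue and the /queues path come from the description above.

```ruby
require "erb"

# Hypothetical stand-ins for the form in a queues view (NOT resque's template).
# UNSAFE interpolates current_queue raw into the action attribute.
UNSAFE_TEMPLATE = ERB.new(
  '<form method="POST" action="/queues/<%= current_queue %>/remove">'
)
# SAFE HTML-escapes the value before it reaches the attribute.
SAFE_TEMPLATE = ERB.new(
  '<form method="POST" action="/queues/<%= ERB::Util.html_escape(current_queue) %>/remove">'
)

# Constructed sample: a path segment carrying a quote and harmless markup.
SAMPLE_QUEUE = 'jobs"><b>x</b>'

# Render a template with the request-derived queue name.
def render_form(template, current_queue)
  template.result_with_hash(current_queue: current_queue)
end

# Return the action attribute as an HTML parser would delimit it:
# everything up to the first unescaped double quote.
def action_attribute(html)
  html[/action="([^"]*)"/, 1]
end

if __FILE__ == $PROGRAM_NAME
  unsafe = render_form(UNSAFE_TEMPLATE, SAMPLE_QUEUE)
  safe   = render_form(SAFE_TEMPLATE, SAMPLE_QUEUE)

  # Unescaped: the attribute ends at the injected quote and the rest of the
  # value is parsed as markup outside the attribute.
  puts "unsafe action: #{action_attribute(unsafe)}"
  puts "unsafe html:   #{unsafe}"

  # Escaped: the whole value stays inside the attribute as inert text.
  puts "safe action:   #{action_attribute(safe)}"
  puts "safe html:     #{safe}"
end
```

The same escaping applies wherever a path segment is echoed into HTML; reviewing a template for raw `<%= %>` output of request-derived values is the corresponding check.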