Cross Site Scripting (XSS)

resque-scheduler is vulnerable to Reflected Cross Site Scripting (XSS). The vulnerability is due to lack of {schedule_job} or args parameter sanitizion while processing a /resque/delayed/jobs/{schedule_job}?args={args_id} request. An attacker can send a maliciously crafted url replacing {schedule_job} or the args parameter leading to Reflected Cross Site Scripting (XSS) when this url is rendered in the browser