delayed_job_web is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because the queues variable is not sanitized, allowing arbitrary JavaScript to be executed.
CPE

Name | Operator | Version
---|---|---
delayed_job_web | eq | 1.4
www.securityfocus.com/bid/102484
github.com/ejschmitt/delayed_job_web/issues/101
github.com/ejschmitt/delayed_job_web/pull/104
mdb-dev.es/2018/01/11/vulnerability-spotlight-ruby-rails-gem-xss-vulnerabilities/
www.talosintelligence.com/reports/TALOS-2017-0449
www.talosintelligence.com/vulnerability_reports/TALOS-2017-0449