Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View
Moderate severity, GitHub Reviewed
Published Dec 13, 2022 to the GitHub Advisory Database. Updated Dec 20, 2023. Withdrawn.
This advisory was withdrawn on Dec 18, 2023
Published by the National Vulnerability Database: Dec 13, 2022
Published to the GitHub Advisory Database: Dec 13, 2022
Reviewed: Dec 18, 2023
Withdrawn: Dec 18, 2023
Last updated: Dec 20, 2023
Description
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-9hmq-fm33-x4xx. This link is maintained to preserve external references.
Original Description
Resque Scheduler version 1.27.4 is vulnerable to cross-site scripting (XSS). A remote attacker could inject JavaScript code into the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute JavaScript on the client side.