The following paths in resque-web have been found to be vulnerable to reflected XSS:
/failed/?class=<script>alert(document.cookie)</script>
/queues/><img src=a onerror=alert(document.cookie)>
v2.2.1
No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched your application.
https://github.com/resque/resque/pull/1790
{ "nvd_published_at": "2023-12-22T20:15:07Z", "cwe_ids": [ "CWE-233", "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-12-18T19:34:06Z" }