Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-gc3j-vvwf-4rp8: Resque vulnerable to reflected XSS in resque-web failed and queues lists

Impact

The following paths in resque-web have been found to be vulnerable to reflected XSS:

/failed/?class=<script>alert(document.cookie)</script>
/queues/><img src=a onerror=alert(document.cookie)>

Patches

v2.2.1

Workarounds

No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched your application.

References

https://github.com/resque/resque/pull/1790

ghsa
#xss#web#git
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2023-50725

Resque vulnerable to reflected XSS in resque-web failed and queues lists

Moderate severity GitHub Reviewed Published Dec 18, 2023 in resque/resque • Updated Dec 18, 2023

Package

Affected versions

< 2.2.1

Impact

The following paths in resque-web have been found to be vulnerable to reflected XSS:

/failed/?class=<script>alert(document.cookie)</script>
/queues/><img src=a onerror=alert(document.cookie)>

Patches

v2.2.1

Workarounds

No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched your application.

References

resque/resque#1790

References

  • GHSA-gc3j-vvwf-4rp8
  • resque/resque#1790
  • resque/resque@ee99d2e

Published to the GitHub Advisory Database

Dec 18, 2023

Last updated

Dec 18, 2023

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP