GHSA-q7jc-v6f2-q9jr

Описание

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-9hmq-fm33-x4xx. This link is maintained to preserve external references.

Original Description

Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client side.