exploitDog

CVE-2022-44303

Опубликовано: 13 дек. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client side.

Ссылки

http://resque.com
Broken Link
Not Applicable
https://trungvm.gitbook.io/cves/resque/resque-1.27.4-multiple-reflected-xss-in-resque-schedule-job
Exploit
Third Party Advisory
http://resque.com
Broken Link
Not Applicable
https://trungvm.gitbook.io/cves/resque/resque-1.27.4-multiple-reflected-xss-in-resque-schedule-job
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:resque-scheduler_project:resque-scheduler:-:*:*:*:*:ruby:*:*

EPSS

Процентиль: 51%

0.00284

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-9hmq-fm33-x4xx

CVSS3: 6.3

github

около 2 лет назад

Resque Scheduler Reflected XSS In Delayed Jobs View

EPSS

Процентиль: 51%

0.00284

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79