Description
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
A cross-site scripting vulnerability was found in sidekiq via the queue name of the live-poll feature. A potential attacker can impersonate or masquerade as the victim user using this vulnerability when Internet Explorer is used.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | sidekiq | Not affected | | |
| Red Hat Satellite 6.11 for RHEL 7 | tfm-rubygem-sidekiq | Fixed | RHSA-2022:5498 | 05.07.2022 |
Additional information
Status:
Moderate
Defect:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2013503 sidekiq: XSS via the queue name of the live-poll feature
5.5 Medium
CVSS3
Related vulnerabilities
CVSS3: 6.1
ubuntu
almost 5 years ago
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
CVSS3: 6.1
nvd
almost 5 years ago
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
CVSS3: 6.1
debian
almost 5 years ago
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...
5.5 Medium
CVSS3