Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.1
CVSSv3

CVE-2023-50725

Published: 22/12/2023 Updated: 03/01/2024
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Resque

Vulnerability Summary

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=<script>alert(document.cookie)</script>" and "/queues/><img src=a onerror=alert(document.cookie)>". This issue has been patched in version 2.2.1.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

resque resque

Vendor Advisories

Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

References

CWE-79https://github.com/resque/resque/security/advisories/GHSA-gc3j-vvwf-4rp8https://github.com/resque/resque/pull/1790https://github.com/resque/resque/commit/ee99d2ed6cc75d9d384483b70c2d96d312115f07https://github.com/rubysec/ruby-advisory-db/blob/master/gems/resque/CVE-2023-50725.ymlhttps://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-50725
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-codedCVE-2024-27202NULL pointer dereferenceCVE-2024-28075CVE-2024-33608CVE-2024-28889CVE-2024-34572template injectionCVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook