Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Resque vulnerable to reflected XSS in Queue Endpoint
Vulnerability Description
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /"><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Resque 跨站脚本漏洞
Vulnerability Description
Resque是Resque开源的一个 Redis 支持的库,用于创建后台作业、将这些作业放置在多个队列上并稍后进行处理。 Resque 2.6.0之前版本存在跨站脚本漏洞,该漏洞源于容易受到反射型跨站脚本(XSS)攻击。
CVSS Information
N/A
Vulnerability Type
N/A