CVE-2022-44303 Information

Description

Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the \schedule_job\ or rgs\ parameter in /resque/delayed/jobs/schedule_job?args=args_id to execute javascript at client side.

Reference

https://trungvm.gitbook.io/cves/resque/resque-1.27.4-multiple-reflected-xss-in-resque-schedule-job http://resque.com