Vulnerability Details CVE-2022-44303
Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client side.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.2%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2022-44303
-
cpe:2.3:a:resque-scheduler_project:resque-scheduler:-