Impact
The following paths in resque-web have been found to be vulnerable to reflected XSS:
/failed/?class=<script>alert(document.cookie)</script>
/queues/><img src=a onerror=alert(document.cookie)>
Patches
v2.2.1
Workarounds
No known workarounds at this time. Until you have patched your application, do not click on third-party or untrusted links to the resque-web interface.
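The following Ruby sketch is an added example, not code from resque or from this advisory. It renders the two payloads listed above through views with and without HTML escaping, and checks a version string against the patched release v2.2.1. The ERB templates and the helper names (render, reflected_raw?, patched?, report) are constructed stand-ins, not resque-web's own views or API.

```ruby
require "erb"
require "rubygems"

# Payloads quoted in the advisory (the ?class= value and the /queues/ path segment).
PAYLOADS = {
  failed_class: "<script>alert(document.cookie)</script>",
  queue_name:   "><img src=a onerror=alert(document.cookie)>"
}.freeze

# Constructed stand-ins for views that echo request input; NOT resque-web's templates.
RAW_VIEWS = {
  failed_class: ERB.new("<h1>Failed jobs for <%= value %></h1>"),
  queue_name:   ERB.new("<a href=/queues/<%= value %>>queue</a>")
}.freeze

# Same views with the value HTML-escaped and the attribute quoted.
ESCAPED_VIEWS = {
  failed_class: ERB.new("<h1>Failed jobs for <%= ERB::Util.html_escape(value) %></h1>"),
  queue_name:   ERB.new('<a href="/queues/<%= ERB::Util.html_escape(value) %>">queue</a>')
}.freeze

def render(views, key)
  views.fetch(key).result_with_hash(value: PAYLOADS.fetch(key))
end

# True when the payload reaches the HTML unchanged, so a browser would parse it as markup.
def reflected_raw?(html, payload)
  html.include?(payload)
end

# Compares a resque version string (with or without a leading "v") to the fixed release.
def patched?(version)
  Gem::Version.new(version.to_s.sub(/\Av/, "")) >= Gem::Version.new("2.2.1")
end

def report(version)
  PAYLOADS.keys.to_h do |key|
    [key, { raw: reflected_raw?(render(RAW_VIEWS, key), PAYLOADS[key]),
            escaped: reflected_raw?(render(ESCAPED_VIEWS, key), PAYLOADS[key]) }]
  end.merge(patched: patched?(version))
end

p report("2.2.0") if $PROGRAM_NAME == __FILE__
```

The same reflected_raw? check can be used in a regression test against the response bodies of your own patched deployment.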
References
#1790