Madslundholmdk

**Name of the Vulnerable Software and Affected Versions** Resque versions prior to 2.2.1 **Description** The issue concerns a reflected XSS vulnerability in the resque-web component of the Resque library. Specifically, the vulnerability affects the following paths: "/failed/?class=<script>alert(document.cookie)</script>" and "/queues/><img src=a onerror=alert(document.cookie)>". This allows for the execution of malicious scripts when a user clicks on a specially crafted link to the resque-web interface. To mitigate this risk, it is recommended not to click on third-party or untrusted links to the resque-web interface until the application is patched. **Recommendations** For versions prior to 2.2.1, update to version 2.2.1 to resolve the issue. As a temporary workaround, consider avoiding the use of the vulnerable paths in the resque-web interface until a patch is applied. Additionally, restrict access to the resque-web interface to minimize the risk of exploitation.