Resque · Resque · CVE-2023-50727
**Name of the Vulnerable Software and Affected Versions**
Resque versions prior to 2.6.0
**Description**
A reflected XSS issue occurs when malicious input, such as `"><svg onload=alert(domain)>`, is appended to the `/queues` endpoint. The vulnerable part of the endpoint is the `current queue` portion of the path, and input placed there allows cross-site scripting attacks. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.
**Recommendations**
Installations running a version prior to 2.6.0 should update to version 2.6.0 to resolve the issue. As a temporary workaround, consider avoiding clicks on third-party or untrusted links to the resque-web interface until the application is patched. Restrict access to the `/queues` endpoint to minimize the risk of exploitation. Avoid using untrusted input in the `current queue` portion of the path until the issue is resolved.
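
To check whether links of the kind described above have been requested against a deployment, the following added example (not part of the advisory or of the Resque project) scans access-log lines for a `/queues/` path segment that contains HTML metacharacters after percent-decoding. The log format, the `/resque` mount prefix, the sample lines and all function names are assumptions made for illustration.

```ruby
# Added example: flag access-log requests whose path segment after /queues/
# contains HTML metacharacters once percent-encoding is undone.
HTML_META = /[<>"']/   # characters needed to close an attribute or open a tag
REQUEST   = /"(?:GET|HEAD|POST) (\S+) HTTP\/[\d.]+"/   # assumed log format

# Undo percent-encoding on raw bytes, repeating so %253C is caught as well.
def percent_decode(text, rounds = 3)
  out = text.b
  rounds.times do
    decoded = out.gsub(/%(\h\h)/) { $1.hex.chr }
    break if decoded == out
    out = decoded
  end
  out
end

# Decoded text after "/queues/", or nil when the request is for another page.
def queue_segment(path)
  path = path.split("?", 2).first.to_s   # the advisory concerns the path only
  idx = path.index("/queues/")
  idx && percent_decode(path[(idx + "/queues/".length)..-1])
end

# Return one hash per log line whose queue segment carries markup characters.
def suspicious_queue_requests(log_lines)
  log_lines.each_with_object([]) do |line, hits|
    m = REQUEST.match(line)
    next unless m
    seg = queue_segment(m[1])
    hits << { line: line, segment: seg } if seg && seg.match?(HTML_META)
  end
end

# Constructed sample lines (documentation addresses, hypothetical mount path).
SAMPLE_LOG = [
  '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /resque/queues/mailers HTTP/1.1" 200 5120',
  '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /resque/queues/%22%3E%3Csvg%20onload=alert(domain)%3E HTTP/1.1" 200 5300',
  '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /resque/queues/%2522%253E%253Csvg HTTP/1.1" 200 5290',
  '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /resque/overview HTTP/1.1" 200 4096'
]

if __FILE__ == $0
  suspicious_queue_requests(SAMPLE_LOG).each do |hit|
    puts "suspicious queue segment #{hit[:segment].inspect} in: #{hit[:line]}"
  end
end
```

A hit shows that a crafted link was requested, not that a script ran in anyone's browser; on a version prior to 2.6.0, follow up by identifying which user session issued the request.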