Unknown · Resque Scheduler · CVE-2022-44303
**Name of the Vulnerable Software and Affected Versions**
Resque Scheduler version 1.27.4
**Description**
A remote attacker could inject JavaScript code into the `schedule job` or `args` parameters of "/resque/delayed/jobs/{schedule job}?args={args id}" to execute JavaScript on the client side, resulting in a cross-site scripting (XSS) issue.
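The class of issue described above is shown here as an added example, not code from resque-scheduler: a view that echoes the job name and `args` value from a URL of that shape, next to the same view with HTML output escaping, plus a regression check for reflected markup. The templates, the sample request and the helper names (`parse_target`, `render`, `reflects_markup?`) are assumptions made for illustration.

```ruby
require "erb"
require "uri"

# Constructed request target in the advisory's URL shape; both values carry markup.
SAMPLE_TARGET = "/resque/delayed/jobs/%3Cscript%3Ealert(1)%3C%2Fscript%3E" \
                "?args=%5B%22%3Cb%3Ex%3C%2Fb%3E%22%5D"

# Hypothetical views that echo the two values. Not resque-scheduler's templates.
UNSAFE_VIEW = ERB.new(<<~HTML)
  <h1>Delayed jobs: <%= job %></h1>
  <p>Args: <%= args %></p>
HTML

SAFE_VIEW = ERB.new(<<~HTML)
  <h1>Delayed jobs: <%= ERB::Util.html_escape(job) %></h1>
  <p>Args: <%= ERB::Util.html_escape(args) %></p>
HTML

# Decode the last path segment and the args query parameter, as a web
# framework would before handing them to the view.
def parse_target(target)
  path, query = target.split("?", 2)
  job = URI.decode_www_form_component(path.split("/").last.to_s)
  args = URI.decode_www_form(query.to_s).to_h.fetch("args", "")
  [job, args]
end

# Render a view with the values taken from the request target.
def render(view, target)
  job, args = parse_target(target)
  view.result_with_hash(job: job, args: args)
end

# Regression check: true when a request value that contains HTML
# metacharacters appears verbatim in the rendered page.
def reflects_markup?(html, target)
  parse_target(target).any? { |v| v.match?(/[<>"']/) && html.include?(v) }
end

if __FILE__ == $PROGRAM_NAME
  unsafe = render(UNSAFE_VIEW, SAMPLE_TARGET)
  safe = render(SAFE_VIEW, SAMPLE_TARGET)
  puts "unsafe view reflects markup: #{reflects_markup?(unsafe, SAMPLE_TARGET)}"
  puts "safe view reflects markup:   #{reflects_markup?(safe, SAMPLE_TARGET)}"
end
```

A check like `reflects_markup?` can be run against a staging instance's responses after upgrading to confirm both values come back encoded.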
**Recommendations**
For Resque Scheduler version 1.27.4, update to version 4.10.2 to resolve the issue.
As a temporary workaround, consider not following third-party or untrusted links to the resque-web interface until the application is patched.