CVE-2023-46950
MEDIUM
Sidekiq 6.5.8 - Cross-Site Scripting via Filter Function URL Parameter
Title source: llm
Description
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.
References (6)
Core References
Issue Tracking
https://github.com/mhenrixon/sidekiq-unique-jobs/pull/829
Exploit, Vendor Advisory
https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38
Third Party Advisory
https://www.mgm-sp.com/cve/sidekiq-unique-jobs-reflected-xss-cve-2023-46950-cve-2023-46951
Permissions Required
https://link.org
Not Applicable
https://www.link.com
Scores
CVSS v3
6.1
EPSS
0.0027
EPSS Percentile
50.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
contribsys/sidekiq
6.5.8
rubygems/sidekiq-unique-jobs
8.0.0 - 8.0.7
RubyGems
Published
Mar 01, 2024
Tracked Since
Feb 18, 2026