CVE-2015-2963
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2015-2963
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
thoughtbot paperclip gem for Ruby 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
thoughtbot paperclip gem for Ruby是软件开发者Jon Yurek所研发的一个Active Record的Ruby文件附件管理库,它的主要作用是被Active Record调用。 thoughtbot paperclip gem for Ruby 4.2.2之前版本中存在安全漏洞,该漏洞源于程序在media-type验证期间没有正确处理‘content-type’值。远程攻击者可借助伪造的值利用该漏洞上传任意HTML文档,实施跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2015-2963
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2015-2963
请登录查看更多情报信息。
- https://robots.thoughtbot.com/paperclip-security-releasex_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2015-2963
Same Patch Batch · n/a · 2015-07-10 · 18 CVEs total
| CVE-2015-4259 | Cisco Unified Computing System C Integrated Management Controller 加密问题漏洞 | |
| CVE-2015-4258 | Cisco TelePresence MSE 8000设备跨站请求伪造漏洞 | |
| CVE-2015-4257 | Cisco TelePresence MCU 4500设备跨站请求伪造漏洞 | |
| CVE-2015-4256 | Cisco TelePresence IP VCR设备跨站请求伪造漏洞 | |
| CVE-2015-4255 | Cisco TelePresence IP Gateway设备跨站请求伪造漏洞 | |
| CVE-2015-4253 | Cisco TelePresence Serial Gateway设备跨站请求伪造漏洞 | |
| CVE-2015-4252 | Cisco TelePresence ISDN Gateway设备跨站请求伪造漏洞 | |
| CVE-2015-4260 | Cisco Hosted Collaboration Solution 跨站脚本漏洞 | |
| CVE-2015-4244 | Cisco ASR 5000和5500设备操作系统命令注入漏洞 | |
| CVE-2015-4236 | Cisco Email Security Appliance AsyncOS 资源管理错误漏洞 | |
| CVE-2015-2970 | LEMON-S PHP Simple Oekaki BBS 路径遍历漏洞 | |
| CVE-2015-2969 | LEMON-S PHP Simple Oekaki BBS 跨站脚本漏洞 | |
| CVE-2015-2967 | Cacti 跨站脚本漏洞 | |
| CVE-2015-4254 | Cisco TelePresence Advanced Media Gateway设备跨站请求伪造漏洞 | |
| CVE-2015-3650 | 多款VMware产品安全漏洞 | |
| CVE-2015-4526 | EMC RecoverPoint for Virtual Machines 安全漏洞 | |
| CVE-2015-4263 | Cisco Mobility Services Engine Control And Provisioning功能信息泄露漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2015-2963
No comments yet