Lucene search
Japan Vulnerability NotesJVN:83881261HistoryJun 18, 2015 - 12:00 a.m.
JVN#83881261: Ruby on Rails library Paperclip vulnerable to cross-site scripting
2015-06-1800:00:00
Japan Vulnerability Notes
jvn.jp
10
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.6%
Paperclip provided by thoughtbot is a library to upload files in Ruby on Rails. Paperclip contains a persistent cross-site scripting vulnerability (CWE-79).
Impact
An arbitrary script may be executed on the user’s web browser.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Products Affected
- Paperclip 4.2.1 and earlier
Related
osv
osv
paperclip Cross-site Scripting vulnerability
2017-10-24 18:33:36
nvd
nvd
CVE-2015-2963
2015-07-10 17:59:00
cve
cve
CVE-2015-2963
2015-07-10 17:59:00
freebsd
freebsd
rubygem-paperclip -- validation bypass vulnerability
2015-06-05 00:00:00
prion
prion
Cross site scripting
2015-07-10 17:59:00
nessus
nessus
cvelist
cvelist
CVE-2015-2963
2015-07-10 17:00:00
github
github
paperclip Cross-site Scripting vulnerability
2017-10-24 18:33:36
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.6%
Related for JVN:83881261