Lucene search
RedhatCVELIST:CVE-2015-5215HistoryFeb 17, 2020 - 12:00 a.m.
CVE-2015-5215
2020-02-1700:00:00
redhat
www.cve.org
0.001 Low
EPSS
Percentile
48.9%
The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via template variables. NOTE: This may be a duplicate of CVE-2015-5216. Moreover, the Jinja development team does not enable auto-escape by default for performance issues as explained in https://jinja.palletsprojects.com/en/master/faq/#why-is-autoescaping-not-the-default.
CNA Affected
[
{
"vendor": "n/a",
"product": "Ipsilon",
"versions": [
{
"version": "0.1.0 before 1.0.1",
"status": "affected"
}
]
}
]Related
prion
prion
Cross site scripting
2020-02-17 19:15:00
Cross site scripting
2020-02-17 19:15:00
nvd
nvd
CVE-2015-5215
2020-02-17 19:15:11
CVE-2015-5216
2020-02-17 19:15:11
cve
cve
CVE-2015-5215
2020-02-17 19:15:11
CVE-2015-5216
2020-02-17 19:15:11
nessus
nessus
Fedora 23 : ipsilon-1.0.0-5.fc23 (2015-13919)
2015-11-02 00:00:00
Fedora 23 : ipsilon-1.1.1-2.fc23 (2015-15291)
2015-11-09 00:00:00
Fedora 22 : ipsilon-1.1.1-2.fc22 (2015-15292)
2015-11-09 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: ipsilon-1.0.0-5.fc23
2015-11-01 03:39:07
[SECURITY] Fedora 22 Update: ipsilon-1.1.1-2.fc22
2015-11-08 09:51:46
[SECURITY] Fedora 23 Update: ipsilon-1.1.1-2.fc23
2015-11-08 06:57:01
openvas
openvas
Fedora Update for ipsilon FEDORA-2015-15292
2015-11-09 00:00:00
cvelist
cvelist
CVE-2015-5216
2020-02-17 18:16:41