Lucene search
PRIOn knowledge basePRION:CVE-2015-5215HistoryFeb 17, 2020 - 7:15 p.m.
Cross site scripting
2020-02-1719:15:00
PRIOn knowledge base
www.prio-n.com
1
DISPUTED The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via template variables. NOTE: This may be a duplicate of CVE-2015-5216. Moreover, the Jinja development team does not enable auto-escape by default for performance issues as explained in https://jinja.palletsprojects.com/en/master/faq/#why-is-autoescaping-not-the-default.
Related
cvelist
cvelist
CVE-2015-5215
2020-02-17 00:00:00
CVE-2015-5216
2020-02-17 18:16:41
nvd
nvd
CVE-2015-5215
2020-02-17 19:15:11
CVE-2015-5216
2020-02-17 19:15:11
cve
cve
CVE-2015-5215
2020-02-17 19:15:11
CVE-2015-5216
2020-02-17 19:15:11
nessus
nessus
Fedora 23 : ipsilon-1.0.0-5.fc23 (2015-13919)
2015-11-02 00:00:00
Fedora 23 : ipsilon-1.1.1-2.fc23 (2015-15291)
2015-11-09 00:00:00
Fedora 22 : ipsilon-1.1.1-2.fc22 (2015-15292)
2015-11-09 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: ipsilon-1.0.0-5.fc23
2015-11-01 03:39:07
[SECURITY] Fedora 22 Update: ipsilon-1.1.1-2.fc22
2015-11-08 09:51:46
[SECURITY] Fedora 23 Update: ipsilon-1.1.1-2.fc23
2015-11-08 06:57:01
openvas
openvas
Fedora Update for ipsilon FEDORA-2015-15292
2015-11-09 00:00:00
prion
prion
Cross site scripting
2020-02-17 19:15:00