CVE-2015-5215

CVE-2015-5215 affects the Identity Provider (IdP) server of Ipsilon, specifically versions 0.1.0 through 1.0.0, where the Jinja templating engine is not auto-escaped by default. The documented consequence is easier remote cross-site scripting (XSS) via template variables, tied to the IdP’s defaul...

CVE-2015-5216

The CVE-2015-5216 entry affects Ipsilon IdP server versions 0.1.0 through 1.0.0. Root cause: improper escaping of characters in a Python exception-message template, enabling remote XSS via an HTTP response. Connected sources (e.g., PT-2020-7857) corroborate the same issue and specify the affected...