{"containers": {"cna": {"affected": [{"product": "Ipsilon", "vendor": "n/a", "versions": [{"status": "affected", "version": "0.1.0 before 1.0.1"}]}], "datePublic": "2015-10-27T00:00:00", "descriptions": [{"lang": "en", "value": "The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response."}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Scripting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-17T18:16:41", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2015/10/27/8"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170"}, {"tags": ["x_refsource_MISC"], "url": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:41:08.474Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/10/27/8"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5216", "datePublished": "2020-02-17T18:16:41", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2024-08-06T06:41:08.474Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ipsilon-project:ipsilon:*:*:*:*:*:*:*:*", "matchCriteriaId": "471D901F-E89E-401F-A30B-6F063F887897", "versionEndExcluding": "1.0.1", "versionStartIncluding": "0.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response."}, {"lang": "es", "value": "El servidor Identity Provider (IdP) en Ipsilon versiones 0.1.0 anteriores a 1.0.1, no escapa apropiadamente de determinados caracteres en una plantilla de mensaje de excepci\u00f3n de Python, lo que facilita a atacantes remotos llevar a cabo ataques de tipo cross-site scripting (XSS) por medio de una respuesta HTTP."}], "id": "CVE-2015-5216", "lastModified": "2024-11-21T02:32:34.650", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-17T19:15:11.697", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/10/27/8"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/10/27/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Michael Scherer (Red Hat).", "bugzilla": {"description": "ipsilon: XSS due to exception handling", "id": "1255170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255170"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response.", "A flaw was discovered in the Ipsilon IdP server in its use of Python templates, where JavaScript code could potentially be injected into an Python exception-message template. A remote, unauthorised attacker could use this flaw to perform an XXS attack."], "name": "CVE-2015-5216", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "ipsilon", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-08-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5216\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5216"], "threat_severity": "Moderate"}