Vulnerabilities > Ipsilon Project

DATE CVE VULNERABILITY TITLE RISK
2020-02-17 CVE-2015-5216 Cross-Site Scripting vulnerability in Ipsilon-Project Ipsilon
The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response.
4.3
2020-02-17 CVE-2015-5215 Cross-Site Scripting vulnerability in Ipsilon-Project Ipsilon
** DISPUTED ** The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via template variables.
4.3
2017-07-12 CVE-2016-8638 Session Fixation vulnerability in Ipsilon Project Ipsilon
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users.
network
low complexity
ipsilon-project CWE-384
6.4
2015-11-17 CVE-2015-5301 Permissions, Privileges, and Access Controls vulnerability in Ipsilon Project Ipsilon
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP).
network
low complexity
ipsilon-project CWE-264
5.5
2015-11-17 CVE-2015-5217 Permissions, Privileges, and Access Controls vulnerability in Ipsilon Project Ipsilon
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.
network
low complexity
ipsilon-project CWE-264
4.0