Red Hat Bugzilla – Bug 1255170
CVE-2015-5216 ipsilon: XSS due to exception handling
Last modified: 2016-11-08 11:21:15 EST
Michael Scherer of Red Hat reports:
ipsilon does not escape HTML when processing HTTP(S) request responses, allowing JS code to be injected into the Python exception message template.
Created ipsilon tracking bugs for this issue:
Affects: fedora-all [bug 1255176]
This issue was discovered by Michael Scherer of Red Hat.
It was found that JS code could potentially be injected into the Python exception message template.
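
The class of flaw described in this bug, shown as an added example that is not Ipsilon's code and is not taken from this report: an exception message that quotes text from an HTTP response is rendered into an HTML error page, first without and then with output escaping. The template, the exception class, the function names and the sample input are all hypothetical and constructed for illustration.

```python
import html
from string import Template

# Constructed error-page template (hypothetical; not Ipsilon's template).
ERROR_PAGE = Template(
    "<html><body><h1>Error $status</h1><p>$message</p></body></html>"
)


class UpstreamError(Exception):
    """Hypothetical exception whose text includes data from an HTTP response."""


def parse_response(response_body):
    # Simulates a handler that rejects a response and quotes it in the error.
    raise UpstreamError("Invalid response: " + response_body)


def render_error_unsafe(exc, status=400):
    # Vulnerable pattern: str(exc) is inserted into the page as if it were HTML.
    return ERROR_PAGE.substitute(status=status, message=str(exc))


def render_error_safe(exc, status=400):
    # Hardened pattern: treat the exception text as untrusted data and escape
    # it at the point of output. quote=True also escapes " and ' so the value
    # stays inert if the template later moves it into an attribute.
    return ERROR_PAGE.substitute(
        status=int(status),
        message=html.escape(str(exc), quote=True),
    )


def handle(response_body, renderer):
    # Error path: any failure while processing the response becomes a page.
    try:
        parse_response(response_body)
    except UpstreamError as exc:
        return renderer(exc)


# Constructed sample input standing in for attacker-influenced response text.
SAMPLE = "<script>alert(1)</script>"

if __name__ == "__main__":
    print(handle(SAMPLE, render_error_unsafe))
    print(handle(SAMPLE, render_error_safe))
```

Escaping belongs in the renderer rather than at each raise site, so that every exception path reaching the error page is covered.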