Applications
Last modified by Nicolas Gregoire on 2012/07/23 14:23
- Manage
-
Copy
- Actions
-
Export
-
Print Preview
- Viewers
-
Source
-
Siblings
-
Comments
-
Annotations
-
Attachments
-
History
-
Information
Web (client side)
| Application | XSLT Engine | Vulnerabilities |
|---|---|---|
| Webkit | libxslt | File creation (CVE-2011-1774) |
| Firefox | Transformiix | Memory corruption (MFSA 2012-08 aka CVE-2012-0449) |
| Opera | Presto | Misc crashes (DSK-355332 and DSK-355334) |
| Internet Explorer | MS XML |
Web (server side)
| Application | XSLT Engine | Vulnerabilities |
|---|---|---|
| Liferay | Xalan-J | File disclosure (CVE-2011-1502 and CVE-2011-1503) Code execution (CVE-2011-1571) |
| PHP 5 | libxslt | Arbitrary file creation (CVE-2012-0057, corrected in v5.3.9) |
| Sharepoint | MS XML | XML External Entity : File disclosure, ... (CVE-2011-1892 aka MS11-074) |
| DotNetNuke | MS XML | XML External Entity : File disclosure, ... (No CVE, patched in v06.00.00 of the XML module) |
| MoinMoin | 4Suite | Arbitrary file disclosure and creation (CVE-2012-xxxx) |
Online services
| Application | XSLT engine |
|---|---|
| W3C XSLT Gateway | Saxon |
| Online Toolz | libxslt |
| Shell Tools | libxslt |
| XSLT Java applet | XSLTC from Xalan-J |
Office software
| Application | XSLT Engine | Vulnerabilities |
|---|---|---|
| Adobe Reader | Modified Sablotron | Memory corruption (Linux only) |
| Lifera | libxslt | File creation |
| OpenOffice | libxslt |
Security
| Application | XSLT Engine | Vulnerabilities |
|---|---|---|
| xmlsec | libxslt | File creation (CVE-2011-1425) |
| Lasso | libxslt | |
| Unnamed application verifying XML-DSig signatures | Xalan-J | Remote code execution |
Databases
| Application | XSLT Engine | Vulnerabilities |
|---|---|---|
| Postgres SQL | libxslt | File disclosure, File creation |