Applications
Web (client side)
Application | XSLT Engine | Vulnerabilities |
---|---|---|
Webkit | libxslt | File creation (CVE-2011-1774) |
Firefox | Transformiix | Memory corruption (MFSA 2012-08 aka CVE-2012-0449) |
Opera | Presto | Misc crashes (DSK-355332 and DSK-355334) |
Internet Explorer | MS XML |
Web (server side)
Application | XSLT Engine | Vulnerabilities |
---|---|---|
Liferay | Xalan-J | File disclosure (CVE-2011-1502 and CVE-2011-1503) Code execution (CVE-2011-1571) |
PHP 5 | libxslt | Arbitrary file creation (CVE-2012-0057, corrected in v5.3.9) |
Sharepoint | MS XML | XML External Entity : File disclosure, ... (CVE-2011-1892 aka MS11-074) |
DotNetNuke | MS XML | XML External Entity : File disclosure, ... (No CVE, patched in v06.00.00 of the XML module) |
MoinMoin | 4Suite | Arbitrary file disclosure and creation (CVE-2012-xxxx) |
Online services
Application | XSLT engine |
---|---|
W3C XSLT Gateway | Saxon |
Online Toolz | libxslt |
Shell Tools | libxslt |
XSLT Java applet | XSLTC from Xalan-J |
Office software
Application | XSLT Engine | Vulnerabilities |
---|---|---|
Adobe Reader | Modified Sablotron | Memory corruption (Linux only) |
Lifera | libxslt | File creation |
OpenOffice | libxslt |
Security
Application | XSLT Engine | Vulnerabilities |
---|---|---|
xmlsec | libxslt | File creation (CVE-2011-1425) |
Lasso | libxslt | |
Unnamed application verifying XML-DSig signatures | Xalan-J | Remote code execution |
Databases
Application | XSLT Engine | Vulnerabilities |
---|---|---|
Postgres SQL | libxslt | File disclosure, File creation |