Last modified by Nicolas Gregoire on 2012/07/23 14:23

Web (client side)

| Application | XSLT Engine | Vulnerabilities |
|---|---|---|
| Webkit | libxslt | File creation (CVE-2011-1774) |
| Firefox | Transformiix | Memory corruption (MFSA 2012-08 aka CVE-2012-0449) |
| Opera | Presto | Misc crashes (DSK-355332 and DSK-355334) |
| Internet Explorer | MS XML | |

Web (server side)

| Application | XSLT Engine | Vulnerabilities |
|---|---|---|
| Liferay | Xalan-J | File disclosure (CVE-2011-1502 and CVE-2011-1503); Code execution (CVE-2011-1571) |
| PHP 5 | libxslt | Arbitrary file creation (CVE-2012-0057, corrected in v5.3.9) |
| Sharepoint | MS XML | XML External Entity: File disclosure, ... (CVE-2011-1892 aka MS11-074) |
| DotNetNuke | MS XML | XML External Entity: File disclosure, ... (No CVE, patched in v06.00.00 of the XML module) |
| MoinMoin | 4Suite | Arbitrary file disclosure and creation (CVE-2012-xxxx) |

Online services

| Application | XSLT Engine |
|---|---|
| W3C XSLT Gateway | Saxon |
| Online Toolz | libxslt |
| Shell Tools | libxslt |
| XSLT Java applet | XSLTC from Xalan-J |

Office software

| Application | XSLT Engine | Vulnerabilities |
|---|---|---|
| Adobe Reader | Modified Sablotron | Memory corruption (Linux only) |
| Liferea | libxslt | File creation |


| Application | XSLT Engine | Vulnerabilities |
|---|---|---|
| xmlsec | libxslt | File creation (CVE-2011-1425) |
| Unnamed application verifying XML-DSig signatures | Xalan-J | Remote code execution |


| Application | XSLT Engine | Vulnerabilities |
|---|---|---|
| Postgres SQL | libxslt | File disclosure, File creation |


Welcome to the XSLT Hacking Encyclopedia!

You may be interested in the Engines and Applications pages.

Link to the blog
Twitter: @Agarri_FR


Content by Nicolas Grégoire / Agarri