Applications

Last modified by Nicolas Gregoire on 2012/07/23 14:23

Web (client side)

ApplicationXSLT Engine Vulnerabilities
WebkitlibxsltFile creation (CVE-2011-1774)
FirefoxTransformiixMemory corruption (MFSA 2012-08 aka CVE-2012-0449)
Opera PrestoMisc crashes (DSK-355332 and DSK-355334)
Internet ExplorerMS XML

Web (server side)

ApplicationXSLT Engine Vulnerabilities
LiferayXalan-J File disclosure (CVE-2011-1502 and CVE-2011-1503)
Code execution (CVE-2011-1571)
PHP 5libxsltArbitrary file creation (CVE-2012-0057, corrected in v5.3.9)
SharepointMS XMLXML External Entity : File disclosure, ... (CVE-2011-1892 aka MS11-074)
DotNetNukeMS XMLXML External Entity : File disclosure, ... (No CVE, patched in v06.00.00 of the XML module)
MoinMoin4SuiteArbitrary file disclosure and creation (CVE-2012-xxxx)

Online services

Application XSLT engine 
 W3C XSLT Gateway  Saxon
 Online Toolz libxslt 
 Shell Tools libxslt
 XSLT Java applet XSLTC from Xalan-J

Office software

ApplicationXSLT Engine Vulnerabilities
Adobe ReaderModified Sablotron Memory corruption (Linux only)
LiferalibxsltFile creation
OpenOfficelibxslt

Security

ApplicationXSLT Engine Vulnerabilities
xmlseclibxsltFile creation (CVE-2011-1425)
Lassolibxslt
Unnamed application verifying XML-DSig signaturesXalan-JRemote code execution

Databases

ApplicationXSLT Engine Vulnerabilities
Postgres SQLlibxsltFile disclosure, File creation