Applications

Version 15.1 by Nicolas Gregoire on 2012/01/13 15:08

Browsers

Application	XSLT Engine	Vulnerabilities
Webkit-based browser	libxslt	File creation (CVE-2011-1774)
Firefox	Transformiix
Opera	Presto
Internet Explorer	MS XML

Web (server side)

Application	XSLT Engine	Vulnerabilities
Liferay	Xalan-J	File disclosure (CVE-2011-1502 / CVE-2011-1503), code execution (CVE-2011-1571)
PHP 5	libxslt	File creation (No CVE, No patch)
Sharepoint	MS XML	File disclosure (CVE-2011-1892 aka MS11-074 )
DotNetNuke	MS XML	File disclosure (No CVE, patched in v06.00.00 of the XML module)

Online services

W3C XSLT Gateway : Saxon
Online Toolz : libxslt
Shell Tools : libxslt
XSLT Java applet : XSLTC from Xalan-J

Office software

Application	XSLT Engine	Vulnerabilities
Adobe Reader	Modified Sablotron	Memory corruption (Linux only)
Lifera	libxslt	File creation
OpenOffice	libxslt

Security

xmlsec : libxslt

Lasso : libxslt

Application	XSLT Engine	Vulnerabilities
Liferay	Xalan-J	File disclosure, code execution
PHP 5	libxslt	File creation
Sharepoint	MS XML	File disclosure
DotNetNuke	MS XML	File disclosure