Applications

Version 20.1 by Nicolas Gregoire on 2012/01/13 15:16

Browsers

Application	XSLT Engine	Vulnerabilities
Webkit-based browser	libxslt	File creation (CVE-2011-1774)
Firefox	Transformiix
Opera	Presto
Internet Explorer	MS XML

Web (server side)

Application	XSLT Engine	Vulnerabilities
Liferay	Xalan-J	File disclosure (CVE-2011-1502 and CVE-2011-1503) Code execution (CVE-2011-1571)
PHP 5	libxslt	File creation (No CVE, No patch)
Sharepoint	MS XML	File disclosure (CVE-2011-1892 aka MS11-074)
DotNetNuke	MS XML	File disclosure (No CVE, patched in v06.00.00 of the XML module)

Online services

W3C XSLT Gateway : Saxon
Online Toolz : libxslt
Shell Tools : libxslt
XSLT Java applet : XSLTC from Xalan-J

Office software

Application	XSLT Engine	Vulnerabilities
Adobe Reader	Modified Sablotron	Memory corruption (Linux only)
Lifera	libxslt	File creation
OpenOffice	libxslt

Security

Application	XSLT Engine	Vulnerabilities
xmlsec	libxslt	File creation (CVE-2011-1425)
Lasso	libxslt
Unnamed application verifying XML-DSig signatures	Xalan-J	Remote code execution