Applications

Version 29.1 by Nicolas Gregoire on 2012/01/23 12:26

Web (client side)

ApplicationXSLT Engine Vulnerabilities
WebkitlibxsltFile creation (CVE-2011-1774)
FirefoxTransformiix
Opera Presto
Internet ExplorerMS XML

Web (server side)

ApplicationXSLT Engine Vulnerabilities
LiferayXalan-J File disclosure (CVE-2011-1502 and CVE-2011-1503)
Code execution (CVE-2011-1571)
PHP 5libxsltArbitrary file creation (CVE-2012-0057, corrected in v5.3.9)
Sharepoint MS XMLFile disclosure (CVE-2011-1892 aka MS11-074)
DotNetNukeMS XMLFile disclosure (No CVE, patched in v06.00.00 of the XML module)
MoinMoin4Suite...

Online services

Application XSLT engine 
 W3C XSLT Gateway  Saxon
 Online Toolz libxslt 
 Shell Tools libxslt
 XSLT Java applet XSLTC from Xalan-J

Office software

ApplicationXSLT Engine Vulnerabilities
Adobe ReaderModified Sablotron Memory corruption (Linux only)
LiferalibxsltFile creation
OpenOfficelibxslt

Security

ApplicationXSLT Engine Vulnerabilities
xmlseclibxsltFile creation (CVE-2011-1425)
Lassolibxslt
Unnamed application verifying XML-DSig signaturesXalan-JRemote code execution