Applications

Version 31.1 by Nicolas Gregoire on 2012/01/24 21:22

Web (client side)
Web (server side)
Online services
Office software
Security

Web (client side)

Application	XSLT Engine	Vulnerabilities
Webkit	libxslt	File creation (CVE-2011-1774)
Firefox	Transformiix
Opera	Presto
Internet Explorer	MS XML

Web (server side)

Application	XSLT Engine	Vulnerabilities
Liferay	Xalan-J	File disclosure (CVE-2011-1502 and CVE-2011-1503) Code execution (CVE-2011-1571)
PHP 5	libxslt	Arbitrary file creation (CVE-2012-0057, corrected in v5.3.9)
Sharepoint	MS XML	File disclosure (CVE-2011-1892 aka MS11-074)
DotNetNuke	MS XML	File disclosure (No CVE, patched in v06.00.00 of the XML module)
MoinMoin	4Suite	Arbitrary file disclosure and creation (CVE-2012-xxxx)

Online services

Application	XSLT engine
W3C XSLT Gateway	Saxon
Online Toolz	libxslt
Shell Tools	libxslt
XSLT Java applet	XSLTC from Xalan-J

Office software

Application	XSLT Engine	Vulnerabilities
Adobe Reader	Modified Sablotron	Memory corruption (Linux only)
Lifera	libxslt	File creation
OpenOffice	libxslt

Security

Application	XSLT Engine	Vulnerabilities
xmlsec	libxslt	File creation (CVE-2011-1425)
Lasso	libxslt
Unnamed application verifying XML-DSig signatures	Xalan-J	Remote code execution