43 matches found
PT-2026-4798
Name of the Vulnerable Software and Affected Versions Hiawatha version 11.7 Description A double free issue exists in the XSLT show index function of the Hiawatha webserver. This allows an unauthenticated attacker to corrupt data, potentially leading to arbitrary code execution. The issue involve...
firefox: thunderbird: XSLT documents could bypass CSP
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...
firefox: thunderbird: XSLT documents could bypass CSP
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...
firefox: thunderbird: XSLT documents could bypass CSP
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...
DEBIAN-CVE-2025-1009
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
Dassault Systèmes ENOVIA Live Collaboration V6R2013xE 代码注入漏洞
Dassault Systèmes ENOVIA Live Collaboration V6R2013xE is a Product Lifecycle Management PLM software from Dassault Systèmes, France. A security vulnerability exists in Dassault Systèmes ENOVIA Live Collaboration V6R2013xE version to V6R2013xE FP version, which stems from the discovery of an XSL...
SUSE CVE-2009-1700
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document...
SUSE CVE-2013-5375
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL...
Mozilla: Address bar spoofing via XSLT error handling
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker abusing XSLT error handling to associate attacker-controlled content with another origin, which was displayed in the address bar. This issue could be used to fool the user into submitting data...
Mozilla: Iframe sandbox bypass with XSLT
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markups that would enable someone to bypass an iframe sandbox...
Mozilla: Iframe sandbox bypass with XSLT
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markups that would enable someone to bypass an iframe sandbox...
Mozilla: Iframe sandbox bypass with XSLT
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markups that would enable someone to bypass an iframe sandbox...
Mozilla: Iframe sandbox bypass with XSLT
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markups that would enable someone to bypass an iframe sandbox...
Mozilla: iframe sandbox rules did not apply to XSLT stylesheets
The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...
Mozilla Firefox 安全特征问题漏洞
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a security feature problem in which iframe sandboxing rules are not properly applied to XSLT style sheets and an attacker can use the vulnerability to bypass implemented security restrictio...
Palo Alto Networks PAN-OS Buffer Overflow Vulnerability (CNVD-2020-31586)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in the XSLT processing logic in Palo Alto Networks PAN-OS. An attacker could exploit this vulnerability to upload and execute malicious files with...
Stack-based Buffer Overflow
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Memory Corruption
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Use After Free
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Buffer Overflow
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...