CVE-2014-7296

The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURESECUREPROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document...

Default configuration

The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURESECUREPROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document...

CVE-2014-7296

The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURESECUREPROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document...

CVE-2014-7296

CVE-2014-7296 affects SpagoBI 5.0.0: the accessibility engine’s default config does not enable FEATURE_SECURE_PROCESSING, allowing remote authenticated users to execute arbitrary Java code through a crafted XSL document. Impact is code execution with partial confidentiality/integrity/availability...

Cross site scripting

Cross-site scripting XSS vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file...

Adobe Reader Crafted XSL Remote Code Execution (APSB13-02; CVE-2012-1530)

Adobe Reader is vulnerable to arbitrary code execution when a certain function is called from a specially crafted XSL file embedded within a PDF file...