46 matches found
CVE-2025-1009
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
Apache Wicket Injection Vulnerability
Apache Wicket is a set of open source, lightweight, component-based frameworks from the Apache Foundation that provide an object-oriented approach to developing dynamic Web-based UI applications. Apache Wicket suffers from an injection vulnerability that stems from the default configuration of...
SUSE CVE-2015-6838
The xslextfunctionphp function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument...
SUSE CVE-2017-5376
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
DEBIAN-CVE-2021-4140
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
DEBIAN-CVE-2021-38503
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
Mozilla: iframe sandbox rules did not apply to XSLT stylesheets
The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...
XAPI Database Parsing Tool - Windows
Description This script applies an XML stylesheet to the XAPI database and creates a file that can be viewed in a web browser. The style sheet is an example of how data can be extracted from the database for quick offline troubleshooting and configuration analysis. Once the script has been ran...
Multiple Apple Products libxslt Component Memory Corruption Vulnerability
Apple watchOS and others are products of Apple Inc.Apple watchOS is a smartwatch operating system.Apple iCloud for Windows is a cloud service based on the Windows platform. The product supports storage of music, photos, apps, contacts, etc. Apple macOS Catalina is a specialized operating system...
DEBIAN-CVE-2017-5440
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1,...
UBUNTU-CVE-2018-5177
A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox 60...
CVE-2017-3031
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine...
CVE-2016-0033
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service performance degradation via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service...
XML Entity Cheatsheet - Updated
An XML Entity testing cheatsheet. This is an updated version with nokogiri tests removed, just XXE notes. XML Declarations: 1 2 | ---|--- Vanilla entity test: 1 | &post ---|--- SYSTEM entity test xxe: 1 | ---|--- Parameter Entity. One of the benefits is a paremeter entity is automatically expande...
The system allows the upload of the xml file may lead to xss-vulnerability warning-the black bar safety net
the xml file may contain an xml-stylesheet tag is used to specify an xsl file to the xml file format and output. In the xsl output of the process, you can output any html code, including thescriptag。。。。 That you can bomb alert. However, the xml formatted script permissions is relatively small, ma...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...
PT-2013-1141 · Apache · Apache Solr
Name of the Vulnerable Software and Affected Versions: Apache Solr versions prior to 4.6 Description: The issue allows remote attackers to read arbitrary files via a .. dot dot or full pathname in the tr parameter to "solr/select/", when the response writer wt parameter is set to XSLT. This can b...
Mozilla Integer Overflow in XSLT Node Sorting
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node...