
28 matches found

RedHat Linux
added 2024/10/14 6:7 p.m., 2 views

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

CVSS 7.5, AI score 7, EPSS 0.10953
Exploits 2, References 4

SUSE CVE
added 2023/02/15 4:7 a.m., 1 views

SUSE CVE-2019-17020

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security...

CVSS 6.5, AI score 8.4, EPSS 0.00246
Exploits 0, References 4

Huntr
added 2022/05/14 6:25 a.m., 21 views

xss using .xsig file

Description: XSS using .xsig file. Proof of Concept: 1. Save this file as test.xsig file and upload it to http://localhost/ListAttachedFile 2. Now view this file in Chrome browser and see XSS is executed...

AI score 7.1
Exploits 0

BDU FSTEC
added 2022/04/07 12:0 a.m., 1 views

The vulnerability in the implementation of the extractor.rdfa.XSLTStylesheet object of the XSLTStylesheet class in the Apache Any23 library allows attackers to perform XXE attacks.

The vulnerability of the extractor.rdfa.XSLTStylesheet object class in the XSLTStylesheet class of the Apache Any23 library is related to an incorrect restriction on XML references to external objects. Exploiting this vulnerability could allow a remote attacker to perform XXE attacks...

CVSS 9.4, EPSS 0.01272
Exploits 0, References 4, Affected Software 1

RedhatCVE
added 2020/04/02 8:49 a.m., 25 views

CVE-2019-17020

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security...

CVSS 6.5, AI score 0.9, EPSS 0.00246
Exploits 0, References 3

NVD
added 2020/01/08 10:15 p.m., 18 views

CVE-2019-17020

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security...

CVSS 6.5, AI score 6.8, EPSS 0.00246
Exploits 0, References 3

UbuntuCve
added 2020/01/08 10:15 p.m., 26 views

CVE-2019-17020

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security...

CVSS 6.5, AI score 6.9, EPSS 0.00246
Exploits 0, References 5

Prion
added 2020/01/08 10:15 p.m., 17 views

Design/Logic Flaw

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security...

CVSS 4.3, AI score 5.9, EPSS 0.00246
Exploits 0, References 3, Affected Software 2

Cvelist
added 2020/01/08 9:29 p.m., 16 views

CVE-2019-17020

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security...

AI score 6.7, EPSS 0.00246
Exploits 0, References 3

Debian CVE
added 2020/01/08 9:29 p.m., 29 views

CVE-2019-17020

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security...

CVSS 6.5, AI score 8.2, EPSS 0.00246
Exploits 0

Kitploit
added 2018/09/23 12:44 p.m., 168 views

Nmap Bootstrap XSL - A Nmap XSL Implementation With Bootstrap

A Nmap XSL implementation with Bootstrap. How to use: Add the nmap-bootstrap.xsl as stylesheet to your Nmap scan. For example: nmap -sS -T4 -A -sC -oA scanme --stylesheet https://raw.githubusercontent.com/honze-net/nmap-bootstrap-xsl/master/nmap-bootstrap.xsl scanme.nmap.org scanme2.nmap.org Open...

AI score 7.2
Exploits 0, References 2

Check Point Advisories
added 2017/01/11 12:0 a.m., 2 views

Adobe Acrobat and Reader Buffer Overflow (APSB17-01: CVE-2017-2948)

A buffer overflow vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error while parsing a corrupted PDF file containing an XSL stylesheet. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

CVSS 9.3, AI score 8.7, EPSS 0.03873
Exploits 0

Check Point Advisories
added 2017/01/11 12:0 a.m., 2 views

Adobe Acrobat and Reader Heap Overflow (APSB17-01: CVE-2017-2949)

A heap overflow vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error while parsing a corrupted PDF file containing an XSL stylesheet. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

CVSS 9.3, AI score 4.5, EPSS 0.10197
Exploits 0

Tenable Nessus
added 2012/08/01 12:0 a.m., 24 views

Scientific Linux Security Update : libxslt on SL3.x, SL4.x, SL5.x i386/x86_64

Anthony de Almeida Lopes reported the libxslt library did not properly process long 'transformation match' conditions in the XSL stylesheet files. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the applicatio...

CVSS 7.5, AI score 8.7, EPSS 0.2079
Exploits 2, References 2

Tenable Nessus
added 2009/09/24 12:0 a.m., 39 views

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 6187)

The Mozilla Firefox Browser was refreshed to the current MOZILLA18 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in...

CVSS 10, AI score 8.8, EPSS 0.37495
Exploits 4, References 19

Tenable Nessus
added 2009/09/24 12:0 a.m., 18 views

SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 747)

The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : - Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still...

CVSS 9.3, AI score 8.7, EPSS 0.37495
Exploits 4, References 7

Tenable Nessus
added 2009/07/21 12:0 a.m., 19 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-745)

The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : MFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method moveToEdgeShift was in some cases triggering garbage collection routines...

CVSS 9.3, AI score 8.7, EPSS 0.37495
Exploits 4, References 3

Prion
added 2009/06/10 6:0 p.m., 22 views

Design/Logic Flaw

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a...

CVSS 7.1, AI score 6.6, EPSS 0.09268
Exploits 3, References 17, Affected Software 4

NVD
added 2009/06/10 6:0 p.m., 13 views

CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a...

CVSS 7.5, AI score 7.1, EPSS 0.09268
Exploits 3, References 17

Cvelist
added 2009/06/10 5:37 p.m., 24 views

CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a...

AI score 7.1, EPSS 0.09268
Exploits 3, References 17