
XSLT Injection

  • Risk: Medium
  • Type: Active

Summary

Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.

Solution

Sanitize and analyze all user input received from the client side.
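
One way to analyze input before it reaches an XSLT processor, shown as an added example that is not part of the original alert text: splice the value into the stylesheet, parse the result, and reject it if the element structure differs from the intended one. The stylesheet, the function names and the sample inputs are constructed for illustration, and the example assumes the application builds its stylesheet by inserting a user-supplied title into a template.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed stylesheet; {title} marks where the application places user input.
TEMPLATE = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <h1>{title}</h1>
    <xsl:value-of select="/report/body"/>
  </xsl:template>
</xsl:stylesheet>"""


def shape(stylesheet_text):
    """Every element's tag and attributes, in document order (text is ignored)."""
    root = ET.fromstring(stylesheet_text)
    return [(el.tag, sorted(el.attrib.items())) for el in root.iter()]


# Structure the developer intended, measured with a harmless placeholder value.
BASELINE = shape(TEMPLATE.format(title="placeholder"))


def splice_raw(value):
    """What a vulnerable application does: the value becomes stylesheet source."""
    return TEMPLATE.format(title=value)


def splice_escaped(value):
    """Hardened form: markup characters are escaped, so the value stays text."""
    return TEMPLATE.format(title=escape(value))


def alters_stylesheet(stylesheet_text):
    """True if the spliced stylesheet no longer matches the intended structure."""
    try:
        return shape(stylesheet_text) != BASELINE
    except ET.ParseError:
        return True  # the value broke well-formedness: reject as well


# Constructed inputs: a plain title, and one that closes <h1> to add an instruction.
PLAIN = "Quarterly report"
INJECTED = '</h1><xsl:copy-of select="/"/><h1>'

if __name__ == "__main__":
    for label, value in (("plain", PLAIN), ("injected", INJECTED)):
        print(label, "raw:", alters_stylesheet(splice_raw(value)),
              "escaped:", alters_stylesheet(splice_escaped(value)))
```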

References

https://www.contextis.com/blog/xslt-server-side-injection-attacks
