XSLT Injection
- Risk:
Medium
- Type:
- Active
- CWE:
- 91
- Summary
- Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.
- Solution
- Sanitize and analyze every user input coming from any client-side.