XSLT Injection
- Risk:
Medium
- Type:
- Active
- CWE:
- CWE-91
- Summary
Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.
- Solution
Sanitize and analyze every user input coming from any client-side.
Free security scan for your website