XSLT Injection
- Risk: Medium
- Type: Active
- CWE: CWE-91
- Summary
Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.
- Solution
Sanitize and analyze all user input coming from the client side.