c1gar
Vulnerability Cause: During XSLT transformation, the content of the XSL is controllable, and security parameters are not set. Vulnerability Location: org.imixs.workflow.jaxrs.ReportRestService Steps to reproduce the behavior: **1. Generate a specific report...
pom.xml
```
org.xmlunit xmlunit-core 2.9.1
```
poc
```
import org.xmlunit.transform.Transformation;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class xmlunit_test {
    public static void main(String[] args) {
        Transformation transformation...
```
In org/custommonkey/xmlunit/SimpleXpathEngine.java, there is no secure setting for XSLT and it is vulnerable to injection, potentially leading to remote code execution. **POC** `package com.example.xxe_test.controller; import org.custommonkey.xmlunit.SimpleXpathEngine; import org.custommonkey.xmlunit.XMLUnit; import org.custommonkey.xmlunit.XpathEngine;...
In the latest version of deegree3, the file org.deegree.commons.xml.XsltUtils.java contains XSLT functionality, but no security parameters were added. This is highly risky, as XSLT vulnerabilities could lead to RCE, file reading,...
The Takes framework is vulnerable to XSLT injection due to the lack of secure parameters in the XSLT transformation function that comes with the Takes framework. Below is an example code...
In the org.jpos.iso.filter.XSLTFilter.java file, there is a functionality for XSL transformation without setting secure parameters, which poses a risk of Remote Code Execution (RCE). It is recommended to add secure...