Remote XSL inclusion

Description

This script is possibly vulnerable to remote XSL inclusion. The path to the XSL file can be controlled by the attacker. Therefore, it's possible to include malicious XSL files.

Remediation

Edit the source code to ensure that input is properly validated. Where is possible, it is recommended to make a list of accepted filenames and restrict the input to that list.

References
Severity
Classification
Tags
  • File Inclusion