Remote XSL inclusion

Description
  • This script is possibly vulnerable to remote XSL inclusion. The path to the XSL file can be controlled by the attacker. Therefore, it's possible to include malicious XSL files.
Remediation
  • Edit the source code to ensure that input is properly validated. Where is possible, it is recommended to make a list of accepted filenames and restrict the input to that list.
References
Severity
Classification
Tags