CVE-2011-1425
published 2011-04-04

Priority P3 · 41 · medium · 5.1 CVSS 2.0
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.06% (94.1th percentile)
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

Affected

99 ranges · showing 25

Vendor | Product | Version range | Fixed in
aleksey | xml_security_library | <= 1.2.16 |

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P
osv | | 5.1 | MEDIUM |
vendor_debian | | 5.1 | MEDIUM |
vendor_redhat | | 5.1 | MEDIUM |