Details
Alert Id: 90017
Alert Type: Active Scan Rule
Status: beta
Risk: Medium
CWE: 91
WASC: 23

Summary

Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.

Solution

Sanitize and analyze every user input coming from the client side.
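The class of bug this rule looks for is an application that lets request data become part of the XSLT stylesheet it compiles, so the processor runs attacker-chosen instructions. The following Java example is added here and is not part of the ZAP rule or of the page; it shows the unsafe pattern next to a hardened one built on the JDK's standard JAXP API (`javax.xml.transform`). The class name, the `ORDERS_XML` document, the `REPORT_XSLT` stylesheet and the `STYLESHEETS` allow-list are all constructed for illustration; the `XMLConstants` features and attributes are the real JAXP ones.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class XsltHardeningExample {

    // Constructed sample document; a real application would load its own data here.
    static final String ORDERS_XML =
        "<orders><order id='1001'/><order id='1002'/></orders>";

    // Server-owned stylesheet (constructed). The only client-controlled value enters
    // through the 'title' parameter declared with xsl:param, so it is a string value to
    // the transformation, never stylesheet code.
    static final String REPORT_XSLT =
          "<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>"
        + "<xsl:output method='text'/>"
        + "<xsl:param name='title' select=\"'Report'\"/>"
        + "<xsl:template match='/'>"
        + "<xsl:value-of select='$title'/><xsl:text>: </xsl:text>"
        + "<xsl:for-each select='/orders/order'>"
        + "<xsl:value-of select='@id'/><xsl:text> </xsl:text>"
        + "</xsl:for-each>"
        + "</xsl:template>"
        + "</xsl:stylesheet>";

    // Allow-list of stylesheets a client may select by name (constructed for this example).
    static final Map<String, String> STYLESHEETS = Map.of("report", REPORT_XSLT);

    // UNSAFE pattern: the stylesheet text itself arrives from the client, so the processor
    // compiles and executes whatever XSLT the request contains. This is the situation the
    // scan rule is designed to detect.
    static String transformUnsafe(String xml, String clientSuppliedXslt) throws TransformerException {
        TransformerFactory factory = TransformerFactory.newInstance();
        Transformer t = factory.newTransformer(new StreamSource(new StringReader(clientSuppliedXslt)));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
        return out.toString();
    }

    // HARDENED pattern: the client picks a stylesheet by name from the allow-list and supplies
    // plain values that are bound as parameters. The factory is locked down so the stylesheet
    // cannot fetch external DTDs or other stylesheets, and secure processing is enabled
    // (on the JDK's built-in processor this also disables extension functions).
    static String transformSafe(String xml, String styleName, String userTitle) throws TransformerException {
        String xslt = STYLESHEETS.get(styleName);
        if (xslt == null) {
            throw new IllegalArgumentException("unknown stylesheet: " + styleName);
        }
        TransformerFactory factory = TransformerFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        Transformer t = factory.newTransformer(new StreamSource(new StringReader(xslt)));
        // Parameter binding: the value is data to the stylesheet and is never parsed as XSLT.
        t.setParameter("title", userTitle);
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws TransformerException {
        // A title containing markup is emitted verbatim, because it never becomes part of the stylesheet.
        System.out.println(transformSafe(ORDERS_XML, "report", "Q3 <summary/>"));
    }
}
```

The point to carry over to a code review is the same one the Solution makes: treat anything the client sends as data, so it reaches the processor only as a parameter value or as a key into a server-side allow-list, and never as stylesheet text. Locking down the `TransformerFactory` is defence in depth; it limits what a stylesheet can reach, but it does not make compiling a client-supplied stylesheet safe.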

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/XsltInjectionScanRule.java