You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ESIGate supports esi:include tag along with the stylesheet attribute. This attribute can be a remote XSLT. This feature can allow an attacker to execute code on the remote server.
We have to switch the XSLT parser to secure mode in order to prevent execution of malicious commands inserted in stylesheets.
This bug was found by Benoit Côté-Jodoin and reported by Philippe Arteau from GoSecure
The text was updated successfully, but these errors were encountered:
ESIGate supports esi:include tag along with the stylesheet attribute. This attribute can be a remote XSLT. This feature can allow an attacker to execute code on the remote server.
We have to switch the XSLT parser to secure mode in order to prevent execution of malicious commands inserted in stylesheets.
This bug was found by Benoit Côté-Jodoin and reported by Philippe Arteau from GoSecure
The text was updated successfully, but these errors were encountered: