CVE-2011-1425 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-1425 Interim 1 3 2021-06-09T09:00:58Z current 2021-05-30T12:56:59Z 2021-06-09T09:00:58Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-1425 xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification. CVE-2011-1425 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P