A security change is introduced in MSXML parser version 6.0:
When loading a XSLT document that contains a script you must enable the AllowXsltScript property. See this forum post for more info. This will enable the use of msxml:script element functionality. The default value is changed to false in version 6.0. We use XSLT in our report generator to easily generate reports in any format (HTML, XML, Excel, CSV and custom formats). Read more on XSLT Security.