CVE-2024-5737
Published: Jun 28, 2024
Modified: Aug 1, 2024
PUBLISHED
Description
The script afGdStream.php in the AdmirorFrames Joomla! extension doesn’t specify a content type, and as a result the default (text/html) is used. An attacker may embed HTML tags directly in image data, which is then rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.
| Vendor | Product | Versions |
|---|---|---|
| Nikola Vasilijevski | AdmirorFrames | affected 0 - < 5.0 |
Weaknesses (CWE)
References
https://cert.pl/en/posts/2024/06/CVE-2024-5735/
third-party-advisory
https://cert.pl/posts/2024/06/CVE-2024-5735/
third-party-advisory
https://github.com/vasiljevski/admirorframes/issues/3
issue-tracking
https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5737
technical-description
https://github.com/afine-com/CVE-2024-5737
technical-description