Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-5737

June 28, 2024, 1:38 p.m.

Tags

CWE-79
cvd@cert.pl
2024-06-28
CVE-2024-5737

Product(s) Impacted

AdmirorFrames Joomla! extension

  • before 5.0

Description

Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.

Weaknesses

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CWE ID: 79

Date

Published: June 28, 2024, 12:15 p.m.

Last Modified: June 28, 2024, 1:38 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cvd@cert.pl

References

https://cert.pl/ cvd@cert.pl
https://cert.pl/ cvd@cert.pl
https://github.com/ cvd@cert.pl
https://github.com/ cvd@cert.pl
https://github.com/ cvd@cert.pl