Lucene search
+L

4 matches found

nvd
nvd
added 2024/06/28 12:15 p.m.36 views

CVE-2024-5737

Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default text/html is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0...

6.3CVSS0.01084EPSS
Exploits3References5
cvelist
cvelist
added 2024/06/28 11:29 a.m.44 views

CVE-2024-5737 HTML Injection in AdmirorFrames Joomla! Extension

Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default text/html is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0...

6.3CVSS0.01084EPSS
Exploits3References5
vulnrichment
vulnrichment
added 2024/06/28 11:29 a.m.19 views

CVE-2024-5737 HTML Injection in AdmirorFrames Joomla! Extension

Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default text/html is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0...

6.3CVSS7AI score0.01515EPSS
Exploits3References5
cve
cve
added 2024/06/28 11:29 a.m.69 views

CVE-2024-5737

CVE-2024-5737 affects the AdmirorFrames Joomla! extension. Red Hat entries confirm the issue resides in afGdStream.php, which does not set a Content-Type, causing a default text/html to be used. An attacker may embed HTML in image data, which will be rendered by a webpage as HTML. The vulnerabili...

6.3CVSS6.3AI score0.01515EPSS
Exploits3References5Affected Software1
Rows per page
Query Builder