CVE Published: 28/06/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024 Source: CERT-PL |
Vendor: Nikola Vasilijevski |
Product: AdmirorFrames Status : PUBLISHED
CVE-2024-5737 Description
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.