PT-2024-37113 · Joomla · Admirorframes
Sectroyer
·
Published
2024-06-28
·
Updated
2024-07-03
·
CVE-2024-5737
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green |
Name of the Vulnerable Software and Affected Versions:
AdmirorFrames versions prior to 5.0
Description:
The issue affects the AdmirorFrames Joomla! extension, specifically the afGdStream.php script, which fails to specify a content type, resulting in the default text/html type being used. This allows an attacker to embed HTML tags directly in image data, which can be rendered by a webpage as HTML.
Recommendations:
For versions prior to 5.0, update to version 5.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the afGdStream.php script until a patch is available.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Admirorframes