cve/CVE-2024-5737.md at d6bcaa53f24d3df2dbf6336b03d1d66a29e9f0f3

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 09:41:05 +00:00

0xMarcio d6bcaa53f2 Update CVE sources 2024-07-25 21:25

2024-07-25 21:25:12 +00:00

Description

Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.

POC

Reference

No PoCs from references.

Github

https://github.com/afine-com/research
https://github.com/nomi-sec/PoC-in-GitHub

908 B Raw Blame History Unescape Escape

CVE-2024-5737

Description

POC

Reference

Github

908 B

Raw Blame History