CVE-2024-5737 MEDIUM

CVE-2024-5737: HTML Injection in AdmirorFrames Joomla! Extension

Vendor Nikola Vasilijevski

Product AdmirorFrames

Weakness CWE-79 · XSS

Published June 28, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green

What the vulnerability does

01Description

Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.

Key dates

02Disclosure timeline

June 28, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5737 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-31191 Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools CVE-2026-20117 Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities CVE-2026-4077 Ecover Builder For Dummies <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute CVE-2025-8155 D-Link DCS-6010L Management Application vb.htm cross site scripting CVE-2023-0013 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform