CVE-2024-5737 – HTML Injection in AdmirorFrames Joomla! Extension
https://notcve.org/view.php?id=CVE-2024-5737
The afGdStream.php script in the AdmirorFrames Joomla! extension doesn't specify a content type, so the default (text/html) is used. An attacker may embed HTML tags directly in image data, which is then rendered by a webpage as HTML. This issue affects AdmirorFrames versions before 5.0. • https://github.com/afine-com/CVE-2024-5737 https://cert.pl/en/posts/2024/06/CVE-2024-5735 https://cert.pl/posts/2024/06/CVE-2024-5735 https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5737 https://github.com/vasiljevski/admirorframes/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5736 – SSRF in AdmirorFrames Joomla! Extension
https://notcve.org/view.php?id=CVE-2024-5736
A Server Side Request Forgery (SSRF) vulnerability in the afGdStream.php script of the AdmirorFrames Joomla! extension allows an attacker to access local files or server pages available only from localhost. This issue affects AdmirorFrames versions before 5.0. • https://github.com/afine-com/CVE-2024-5736 https://cert.pl/en/posts/2024/06/CVE-2024-5735 https://cert.pl/posts/2024/06/CVE-2024-5735 https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5736 https://github.com/vasiljevski/admirorframes/issues/3 • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2024-5735 – Full Path Disclosure in AdmirorFrames Joomla! Extension
https://notcve.org/view.php?id=CVE-2024-5735
A Full Path Disclosure vulnerability in the afHelper.php script of the AdmirorFrames Joomla! extension allows an unauthorised attacker to retrieve the location of the web root folder. This issue affects AdmirorFrames versions before 5.0. • https://github.com/afine-com/CVE-2024-5735 https://cert.pl/en/posts/2024/06/CVE-2024-5735 https://cert.pl/posts/2024/06/CVE-2024-5735 https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5735 https://github.com/vasiljevski/admirorframes/issues/3 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere