sectroyer/CVEs

Releases0

Stars1

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-5737 ↗	Jun 28, 2024Friday, 28 June 2024, 12:15	6.1 MEDIUM	—
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.
CVE-2024-5735 ↗	Jun 28, 2024Friday, 28 June 2024, 12:15	7.5 HIGH	—
Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.
CVE-2024-5736 ↗	Jun 28, 2024Friday, 28 June 2024, 12:15	7.5 HIGH	—
Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.
CVE-2023-39062 ↗	Aug 28, 2023Monday, 28 August 2023, 18:15	6.1 MEDIUM	—
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php.