CVE-2021-24435 – Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24435
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues El archivo iframe-font-preview.php de titan-framework no escapa apropiadamente de los parámetros GET font-weight y font-family antes de devolverlos en un atributo href, conllevando a problemas de Cross-Site Scripting reflejado The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues. • https://wpscan.com/vulnerability/a88ffc42-6611-406e-8660-3af24c9cc5e8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •