CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24435 – Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24435
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues El archivo iframe-font-preview.php de titan-framework no escapa apropiadamente de los parámetros GET font-weight y font-family antes de devolverlos en un atributo href, conllevando a problemas de Cross-Site Scripting reflejado The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues. • https://wpscan.com/vulnerability/a88ffc42-6611-406e-8660-3af24c9cc5e8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6444 – Titan Framework <= 1.5.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-6444
Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-preview.php. Múltiples vulnerabilidades de XSS en el plugin Titan Framework en versiones anteriores a 1.6 para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) t en iframe-googlefont-preview.php o (2) text en iframe-font-preview.php. • https://research.g0blin.co.uk/cve-2014-6444 https://wpvulndb.com/vulnerabilities/8233 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •