CVE-2021-34649 – Simple Behance Portfolio <= 0.2 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-34649
The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2. El plugin Simple Behance Portfolio de WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado por medio del parámetro "dark" en el archivo ~/titan-framework/iframe-font-preview.php que permite a atacantes inyectar scripts web arbitrario, en versiones hasta 0.2 incluyéndola. • https://plugins.trac.wordpress.org/browser/simple-behace-portfolio/trunk/titan-framework/iframe-font-preview.php#L141 https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34649 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •