Multiple Cross-Site Scripting (XSS) In Titan Framework Vulnerabilities
29 Feb. 2016
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-preview.php.
Vulnerable Systems:
* Titan Framework plugin before 1.6 for WordPress
Immune Systems:
* Titan Framework plugin after 1.6 for WordPress
Titan Framework pluginfor WordPress allow remote attackers to inject arbitrary web script or HTML. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.