Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45.
References
Link | Resource |
---|---|
https://fortiguard.com/zeroday/FG-VD-17-215 | Third Party Advisory |
https://wordpress.org/plugins/nextgen-gallery/#developers | Release Notes |
Configurations
History
No history.
Information
Published : 2018-04-30 22:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-1000172
Mitre link : CVE-2018-1000172
CVE.ORG link : CVE-2018-1000172
JSON object : View
Products Affected
imagely
- nextgen_gallery
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')