Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45.
References
Link | Resource |
---|---|
https://fortiguard.com/zeroday/FG-VD-17-215 | Third Party Advisory |
https://wordpress.org/plugins/nextgen-gallery/#developers | Release Notes |
https://fortiguard.com/zeroday/FG-VD-17-215 | Third Party Advisory |
https://wordpress.org/plugins/nextgen-gallery/#developers | Release Notes |
Configurations
History
21 Nov 2024, 03:39
Type | Values Removed | Values Added |
---|---|---|
References | () https://fortiguard.com/zeroday/FG-VD-17-215 - Third Party Advisory | |
References | () https://wordpress.org/plugins/nextgen-gallery/#developers - Release Notes |
Information
Published : 2018-04-30 22:29
Updated : 2024-11-21 03:39
NVD link : CVE-2018-1000172
Mitre link : CVE-2018-1000172
CVE.ORG link : CVE-2018-1000172
JSON object : View
Products Affected
imagely
- nextgen_gallery
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')