Cross Site Scripting Vulnerability in Imagely NextGEN Gallery
CVE-2018-1000172

4.8MEDIUM

Key Information:

Vendor

Imagely

Status
Nextgen Gallery
Vendor
CVE Published:
30 April 2018

What is CVE-2018-1000172?

Imagely's NextGEN Gallery versions 2.2.30 and prior are susceptible to a Cross Site Scripting (XSS) vulnerability in the Image Alt & Title Text feature. This vulnerability can be exploited when an attacker tricks a victim into viewing a maliciously crafted image in the administrator interface. A patch has been released in version 2.2.45 to address this issue and enhance the security of the product.

References

https://fortiguard.com/zeroday/FG-VD-17-215
x_refsource_MISC
https://wordpress.org/plugins/nextgen-gallery/#developers
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.