{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T00:26:17.162","vulnerabilities":[{"cve":{"id":"CVE-2018-1000172","sourceIdentifier":"cve@mitre.org","published":"2018-04-30T22:29:00.247","lastModified":"2024-11-21T03:39:50.783","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45."},{"lang":"es","value":"Imagely NextGEN Gallery, en versiones 2.2.30 y anteriores, contiene una vulnerabilidad de Cross Site Scripting (XSS) en Image Alt Title Text. El ataque parece ser explotable si una víctima visualiza la imagen en la página de administrador. La vulnerabilidad parece haber sido solucionada en la versión 2.2.45."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"2.2.30","matchCriteriaId":"CC941760-4EFB-4381-B4F4-7A71121A3982"}]}]}],"references":[{"url":"https://fortiguard.com/zeroday/FG-VD-17-215","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://wordpress.org/plugins/nextgen-gallery/#developers","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://fortiguard.com/zeroday/FG-VD-17-215","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://wordpress.org/plugins/nextgen-gallery/#developers","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}}]}