"An XSS vulneravility has been discovered in NextGEN Gallery, a
very popular and commonly used plugin for the Wordpress content
management system commonly found as a blogging platform. This
vulnerability results from reflected unsanitized imput that can be
crafted into an attack by a malicious user by manipulating the mode
parameter of the xml/media-rss.php script."
* NextGEN Gallery 1.5.0
* NextGEN Gallery 1.5.1
* Older versions are probably affected too, but they were not checked.
* NextGEN Gallery 1.5.2
It is recommended that Wordpress users that use Gallery update to v1.5.2.