Wordpress NextGEN Gallery Plugin Cross Site Scripting Exploit

This vulnerability results from a reflected unsanitized input that can be crafted into an attack by a malicious user by manipulating the 'mode' parameter of the xml/media-rss.php script. Version 1.5.1 is verified as vulnerable, older versions are probably vulnerable too but they were not tested at this time.
Vulnerabilty ID: 
CVE-2010-1186
Released Date: 
Monday, April 12, 2010 - 19:00