Wordpress NextGEN Gallery Plugin Cross Site Scripting Exploit

This vulnerability results from a reflected unsanitized input that can be crafted into an attack by a malicious user by manipulating the 'mode' parameter of the xml/media-rss.php script. Version 1.5.1 is verified as vulnerable, older versions are probably vulnerable too but they were not tested at this time.
Platform: 
Vulnerabilty ID: 
CVE-2010-1186
Product Version: 
10.0
Released Date: 
Tuesday, April 13, 2010 - 00:00