StarLite Pretty Photo [plg_system_slprettyphoto], 1.2 and below, XSS (Cross Site Scripting)

StarLite Pretty Photo plugin 1.2 contains a DOM XSS vulnerable JS library prettyPhoto

Vulnerability fixed in version 1.3

Update notice: http://www.starliteweb.com/extensions/starlite-pretty-photo/security-release-starlite-pretty-photo-version-1-3

please contact the developer for more information.