Escope PrettyPhoto [mod_escope_pp], 1.0.3 and below, XSS (Cross Site Scripting)
Module eScope PrettyPhoto contains a DOM XSS vulnerable JS library prettyPhoto
Abandonware : no fix planned, author doesn't want to support it anymore!
If you are using this extension, please uninstall and find alternative.
please contact the developer for more information.