NextGEN Legacy v1.9.26 XSS Cross-Site Scripting Attack

Where exactly does this happen?

I’m so not going to post a link to my website with a xss attack.
I have send a email with a link to “WPReady” the head dude for this plugin.

It’s not hard to see where this is happening just by looking at the album, gallery & nggpage

it’s happening where ever your gallery page is for NextGEN Legacy

Of course I understand you don’t want to link to your site.

What I was asking is, where exactly do you click to get to this URL? (Fox example, on a gallery, an album, etc.)

Since this is a security issue, it is perhaps best if we continue this elsewhere, and so I’ll let you handle it with WPGetReady then.

The head guy got back to me & he is working on a fix.
So there will be an update sooner or later.

So when will this be fixed?????????

How long do we have to w8?