BK-Multithumb for Joomla 1.5, 2.5.0.4, XSS (Cross Site Scripting)
Extension contains known vulnerable version of JS library prettyPhoto
The vulnerability in JS file was patched by extension author on basis of 3.1.2 file.
Update notice: http://joomla.rjews.net/bk-multithumb
please contact the developer for more information.