StarLite Pretty Photo [plg_system_slprettyphoto], 1.2 and below, XSS (Cross Site Scripting)
StarLite Pretty Photo plugin 1.2 contains a DOM XSS vulnerable JS library prettyPhoto
Vulnerability fixed in version 1.3
Update notice: http://www.starliteweb.com/extensions/starlite-pretty-photo/security-release-starlite-pretty-photo-version-1-3
please contact the developer for more information.