source: https://www.securityfocus.com/bid/8288/info
Gallery is prone to a cross-site scripting vulnerability. This issue is present in the search engine facility provided by the software. An attacker could exploit this issue by constructing a malicious link to the search engine that contains hostile HTML and script code. Attacker-supplied code could be rendered in the browser of a user who follows such a link.
http://www.example.com/<galleryfolder>/search.php?searchstring=<script>alert('XSS')</script>