The XSS vulnerability was discovered by Christian Grieger and was reported on GitHub here (on Jan. 29th, 2018): https://github.com/joomlaworks/simple-image-gallery/issues/10
The updated v3.6.0 was released the same day addressing this vulnerability (a $_SERVER['REQUEST_URI'] based XSS injection).
Since the print preview feature was slated for change, the offending code was removed and the print preview feature was enhanced allowing the gallery grid to be printed.
This update will also load one less CSS file (aka one less HTTP request) as the print CSS rules were combined with screen CSS rules.
Since this is both a feature and a security update release, we have maintained Joomla 1.5 support. Keep in mind that if you are on Joomla 1.5 it's important that you enable the "Mootools Upgrade" system plugin, otherwise the updated fancyBox lightbox script and any chosen jQuery library (1.8+) will conflict with the older (stock) Mootools included in Joomla 1.5.
Starting with the next update (v4), Simple Image Gallery (free) will be strictly compatible with the latest release of Joomla at the time.