Index: media.php
===================================================================
--- media.php	(revision 10282)
+++ media.php	(working copy)
@@ -662,6 +662,8 @@
 	foreach ( $attachments as $id => $attachment ) {
 		$link = isset($attr['link']) && 'file' == $attr['link'] ? wp_get_attachment_link($id, $size, false, false) : wp_get_attachment_link($id, $size, true, false);
 
+		$caption_cdata = wp_specialchars($attachment->post_excerpt);
+
 		$output .= "<{$itemtag} class='gallery-item'>";
 		$output .= "
 			<{$icontag} class='gallery-icon'>
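Review bot: The value assigned on the added line is HTML-entity-escaped text, not CDATA, so the name `$caption_cdata` misdescribes what is later interpolated into the markup; `$caption_html` or `$caption_escaped` would be clearer to the next reader. The call is also made for every attachment whether or not `$captiontag` is set and the excerpt is non-empty — cheap, but computing it inside the caption branch would keep the escaping next to its only use. `wp_specialchars()` is invoked with its defaults here, which (assuming the default quote style leaves quotes alone) is adequate for text between tags but not for an attribute value, so a comment such as `// escaped for element content only; re-escape with ENT_QUOTES before use in an attribute` would stop the variable being reused in the wrong context. The enclosing foreach body continues past the end of this hunk.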
@@ -670,7 +672,7 @@
 		if ( $captiontag && trim($attachment->post_excerpt) ) {
 			$output .= "
 				<{$captiontag} class='gallery-caption'>
-				{$attachment->post_excerpt}
+				{$caption_cdata}
 				</{$captiontag}>";
 		}
 		$output .= "</{$itemtag}>";
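Review bot: `{$captiontag}` is still interpolated into the opening and closing tag names either side of the newly escaped caption, and nothing in this hunk shows where that value is validated; if it originates from the shortcode's `$attr` the way `$attr['link']` does on the context line above, an attacker-chosen tag string would reach the page unescaped and undo the benefit of escaping the caption text. Where `$captiontag` (and `$itemtag`/`$icontag`) are extracted — not visible here, so this may already be handled — they should be restricted to an allow-list or to `[a-z0-9]` characters. It is also worth a comment that this change makes any markup stored in `post_excerpt` render literally; if captions were meant to allow limited HTML, a KSES-style allow-list filter would be the alternative to plain entity escaping. Finally, the condition on line 15 tests the raw excerpt while the body emits the escaped copy, which is fine unless the escaper returns an empty string on an invalid byte sequence (as `htmlspecialchars()` does in some PHP versions), in which case an empty caption element would be emitted — worth a test with malformed UTF-8.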
