Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27337
http://www.vupen.com/english/advisories/2006/2546
http://www.securityfocus.com/bid/18665
http://www.securityfocus.com/archive/1/438434/100/0/threaded
http://www.jaws-project.com/index.php?blog/show/29
http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847
http://securitytracker.com/id?1015264
http://secunia.com/advisories/20842
http://secunia.com/advisories/17741