http://www.mediawiki.org/wiki/Extension:RSS_Reader seems to live exclusively at the wiki page, instead of being at a repository.
Injection vulnerabilities are quite common in these kind of extensions. With a quick glance, it misses to escape the output everywhere. Just edit the page when fixing the bug. I don't think it is actively maintained, but you can contact the author http://www.mediawiki.org/wiki/User:DFRussia -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
