An issue exists in Joomla! 2.5.0 up to and including 3.9.24. Missing filtering of feed fields could lead to xss issues.
joomla joomla\\!