RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3503)