I started researching RSS and Atom feed vulns last September but got distracted for 6 months or so with work/life. I've written a basic paper discussing the issues relating to Cross Site Scripting and web based feeds. I cover the risks associated with the following types of readers:
* Web Based Readers (such as bloglines)
* Local Readers (Such as your web browser, or stand alone feed reader)
* Websites using feed content directly on their own website
* Websites using feed content and merging it into their own feed
I'll be at blackhat this week so story updates will be a little slow.
Article Link: http://www.cgisecurity.com/papers/HackingFeeds.pdf