The first exploit allows an attacker to execute scripts on a Radio weblog's comments page. This can be used to redirect visitors to another Web site, transmit cookies to a third party, open pop-up windows, and the like.
The second exploit allows an attacker to post a comment to an entry that doesn't exist yet.
These exploits affect users who host their comments on UserLand servers. If you'd like to take your comments offline temporarily while a fix is being prepared, use the Comments preference to disable the feature and republish your entire weblog.
The issue with allowing scripts to execute on Radio comment pages also applies to Radio trackback pages. Steve Kirks reported the trackback issue on his weblog, and it was also reported in the Radio discussion forum ("BUG : trackback script injection") 6 months ago.
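The two defenses these exploits call for, refusing comments for entries that do not exist and encoding every visitor-supplied field before it reaches a comment or trackback page, are sketched below as an added example; it is not Radio's or UserLand's code. The entry IDs, field names and function names are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed sample data: IDs of entries that have already been published.
PUBLISHED_ENTRIES = {"entry-101", "entry-102"}
ALLOWED_SCHEMES = {"http", "https"}


class CommentRejected(ValueError):
    """Raised when a submission must not be stored."""


def safe_link(url):
    """Return the URL only if it is an absolute http(s) link, else None."""
    url = url.strip()
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed input, e.g. a broken IPv6 literal
        return None
    if parts.scheme.lower() in ALLOWED_SCHEMES and parts.netloc:
        return url
    return None


def accept_comment(store, entry_id, name, url, body):
    """Store a comment or trackback only for an entry that already exists."""
    if entry_id not in PUBLISHED_ENTRIES:
        raise CommentRejected("unknown entry: %r" % entry_id)
    store.setdefault(entry_id, []).append(
        {"name": name, "url": safe_link(url), "body": body})


def render_comments(store, entry_id):
    """Render stored comments, HTML-encoding every visitor-supplied field."""
    out = []
    for c in store.get(entry_id, []):
        name = html.escape(c["name"], quote=True)
        if c["url"]:
            href = html.escape(c["url"], quote=True)
            name = '<a href="%s" rel="nofollow">%s</a>' % (href, name)
        body = html.escape(c["body"], quote=True).replace("\n", "<br>")
        out.append('<div class="comment"><b>%s</b><p>%s</p></div>'
                   % (name, body))
    return "\n".join(out)
```

Encoding at render time rather than at submission also neutralizes markup that was stored before the fix.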