CVE-2021-27527

Name of the Vulnerable Software and Affected Versions DynPG version 4.9.2

Description A cross-site scripting (XSS) issue allows remote attackers to inject JavaScript via the valueID parameter. This enables attackers to execute malicious scripts on the client-side, potentially leading to unauthorized actions or data theft.

Recommendations For DynPG version 4.9.2, consider restricting access to the valueID parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the valueID parameter in sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.