CVE-2021-27528

Name of the Vulnerable Software and Affected Versions DynPG version 4.9.2

Description A cross-site scripting (XSS) issue allows remote attackers to inject JavaScript via the refID parameter. This enables attackers to execute malicious scripts on the victim's browser.

Recommendations For DynPG version 4.9.2, consider restricting access to the refID parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the refID parameter in sensitive operations. At the moment, there is no information about a newer version that contains a fix for this issue.