CVE-2021-27530

Name of the Vulnerable Software and Affected Versions DynPG version 4.9.2

Description A cross-site scripting (XSS) issue allows a remote attacker to inject javascript via the URI in the "/index.php" API endpoint. This can be exploited by manipulating the javascript code injected into the URI.

Recommendations For DynPG version 4.9.2, consider disabling access to the "/index.php" endpoint until a patch is available to prevent exploitation of the XSS issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.