dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html.
dsmall project dsmall 20180320