A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote malicious users to inject JavaScript via the "page" parameter.
dynpg dynpg 4.9.2