A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote malicious user to inject javascript via URI in /index.php.
dynpg dynpg 4.9.2