I sent you an email earlier george but looks like your server was having problems.
Anyway there is an xss in autoindex, Some kiddy group made it, does not much more then give a popup but could probably be used to steal cookies or whatever. I dont know, not to keen on xss. Here is the original advisory
Authors ....... mozako feat shen139
Date .......... 05-07-2005
Product ....... AutoIndex PHP Script
Type .......... Cross Site Scripting (XSS) vulnerability
AutoIndex PHP Script is a simply website directory indexer and file
At line 289 AutoIndex PHP Script doesn't validate '$_GET' variable
Consequently, a remote user can create an specially crafted
URL that would execute arbitrary code in a user's browser within
the trust relationship between the browser and the server.
- AutoIndex PHP Script v. 1.5.2 (tested)
Sanitize html source before writing it with a simply htmlspecialchars(...).