Vulnerabilities > Draytek > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-10-03 | CVE-2024-41587 | Cross-site Scripting vulnerability in Draytek products | Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. | network, low complexity, draytek CWE-79, 5.4 |
| 2024-10-03 | CVE-2024-41591 | Cross-site Scripting vulnerability in Draytek products | DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. | network, low complexity, draytek CWE-79, 6.1 |
| 2023-03-03 | CVE-2023-23313 | Cross-site Scripting vulnerability in Draytek products | Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. | network, low complexity, draytek CWE-79, 6.1 |
| 2023-03-03 | CVE-2023-1163 | Unspecified vulnerability in Draytek Vigor 2960 Firmware 1.5.1.4 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. | network, low complexity, draytek, 6.5 |
| 2023-02-24 | CVE-2023-1009 | Unspecified vulnerability in Draytek Vigor2960 Firmware 1.5.1.4 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. | local, low complexity, draytek, 5.5 |
| 2021-10-22 | CVE-2020-28968 | Cross-site Scripting vulnerability in Draytek products | Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. | network, low complexity, draytek CWE-79, 5.4 |
| 2021-10-13 | CVE-2021-20128 | Cross-site Scripting vulnerability in Draytek Vigorconnect 1.6.0 | The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized. | network, low complexity, draytek CWE-79, 5.4 |
| 2019-09-20 | CVE-2019-16534 | Cross-site Scripting vulnerability in Draytek Vigor2925 Firmware 3.8.4.3 | On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. | network, low complexity, draytek CWE-79, 6.1 |
| 2019-09-20 | CVE-2019-16533 | Cross-site Scripting vulnerability in Draytek Vigor2925 Firmware 3.8.4.3 | On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. | network, low complexity, draytek CWE-79, 6.1 |
| 2018-03-07 | CVE-2017-11650 | Cross-site Scripting vulnerability in Draytek Vigorap 910C Firmware 1.2.0 | Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp. | network, low complexity, draytek CWE-79, 6.1 |