Vulnerabilities > Draytek > Vigor2766 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-03 CVE-2024-41587 Cross-site Scripting vulnerability in Draytek products
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
network
low complexity
draytek CWE-79
5.4
2024-10-03 CVE-2024-41591 Cross-site Scripting vulnerability in Draytek products
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
network
low complexity
draytek CWE-79
6.1
2023-03-03 CVE-2023-23313 Cross-site Scripting vulnerability in Draytek products
Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal.
network
low complexity
draytek CWE-79
6.1