Vulnerabilities > Draytek > Vigor2862 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-03 CVE-2024-41587 Cross-site Scripting vulnerability in Draytek products
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
network
low complexity
draytek CWE-79
5.4
2024-10-03 CVE-2024-41591 Cross-site Scripting vulnerability in Draytek products
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
network
low complexity
draytek CWE-79
6.1