Vulnerabilities > Draytek > Vigor2925 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-03 | CVE-2024-41587 | Cross-site Scripting vulnerability in Draytek products Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. | 5.4 |
| 2024-10-03 | CVE-2024-41591 | Cross-site Scripting vulnerability in Draytek products DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. | 6.1 |
| 2019-09-20 | CVE-2019-16534 | Cross-site Scripting vulnerability in Draytek Vigor2925 Firmware 3.8.4.3 On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. | 6.1 |
| 2019-09-20 | CVE-2019-16533 | Cross-site Scripting vulnerability in Draytek Vigor2925 Firmware 3.8.4.3 On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. | 6.1 |