Vulnerabilities > Draytek > Virgor2925Vac Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-03 CVE-2023-23313 Cross-site Scripting vulnerability in Draytek products
Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal.
network
low complexity
draytek CWE-79
6.1