Vulnerability Details CVE-2020-28968
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.3%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2020-28968
- cpe:2.3:h:draytek:vigorap_1000c:-
- cpe:2.3:h:draytek:vigorap_700:-
- cpe:2.3:h:draytek:vigorap_710:-
- cpe:2.3:h:draytek:vigorap_800:-
- cpe:2.3:h:draytek:vigorap_802:-
- cpe:2.3:h:draytek:vigorap_810:-
- cpe:2.3:h:draytek:vigorap_900:-
- cpe:2.3:h:draytek:vigorap_902:-
- cpe:2.3:h:draytek:vigorap_903:-
- cpe:2.3:h:draytek:vigorap_910c:-
- cpe:2.3:h:draytek:vigorap_912c:-
- cpe:2.3:h:draytek:vigorap_918r:-
- cpe:2.3:h:draytek:vigorap_920r:-
- cpe:2.3:o:draytek:vigorap_1000c_firmware:1.3.2
- cpe:2.3:o:draytek:vigorap_700_firmware:1.11
- cpe:2.3:o:draytek:vigorap_710_firmware:1.2.5
- cpe:2.3:o:draytek:vigorap_800_firmware:1.1.4
- cpe:2.3:o:draytek:vigorap_802_firmware:1.3.2
- cpe:2.3:o:draytek:vigorap_810_firmware:1.2.5
- cpe:2.3:o:draytek:vigorap_900_firmware:1.2.0
- cpe:2.3:o:draytek:vigorap_902_firmware:1.2.5
- cpe:2.3:o:draytek:vigorap_903_firmware:1.3.1
- cpe:2.3:o:draytek:vigorap_910c_firmware:1.2.5
- cpe:2.3:o:draytek:vigorap_912c_firmware:1.3.2
- cpe:2.3:o:draytek:vigorap_918r_firmware:1.3.2
- cpe:2.3:o:draytek:vigorap_920r_firmware:1.3.0