A stored cross-site scripting vulnerability exists in the Profile Name field of the Floor Plan (Network Menu) page in Draytek VigorConnect version 1.6.0-B3, the native network management software for DrayTek devices. The vulnerability stems from improper validation of user input. An attacker could exploit this vulnerability to insert malicious code.