CVE-2024-41584
CVE-2024-41584 affects DrayTek Vigor3910 devices up to firmware 4.3.2.6, where a reflected XSS vulnerability exists due to missing validation of the sFormAuthStr parameter. The issue is exploitable by authenticated users via the Web UI, with CVSS 3.1 base score 4.7 (Network, Low attack complexity...