Vulnerabilities (CVE)

Filtered by vendor Hms-networks Subscribe
Filtered by product Ewon Cosy
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-16230 1 Hms-networks 4 Ewon Cosy, Ewon Cosy Firmware, Ewon Flexy and 1 more 2024-11-21 2.1 LOW 2.3 LOW
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.
CVE-2020-10633 1 Hms-networks 4 Ewon Cosy, Ewon Cosy Firmware, Ewon Flexy and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful.