PT-2020-14829 · Ewon · Ewon Cosy, Ewon Flexy

Published 2020-09-18 · Updated 2021-11-22 · CVE-2020-16230

CVSS v3.1: 2.3 (Low)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Ewon Flexy and Cosy versions prior to 14.1

Description: The issue allows an attacker with local access and high privileges to inject scripts into the Cross-Origin Resource Sharing (CORS) configuration. This could lead to the retrieval of limited confidential information through sniffing, because the software accepts wildcards such as (*) in the list of domains that may request resources.

Recommendations: For versions prior to 14.1, update to version 14.1 or later to resolve the issue. As a temporary workaround, restrict access to the CORS configuration to minimize the risk of exploitation, and avoid using wildcards in the CORS configuration until the issue is resolved.
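As an added illustration of the recommendation above (not code from the advisory or from Ewon): an allow-list audit that flags the wildcard entries the advisory warns against, plus a request-time check that echoes only an exactly matched origin instead of "*". The configuration format and the origins in it are constructed assumptions; IPv6 literal hosts are not handled.

```python
"""Audit a CORS origin allow-list and compute the Access-Control-Allow-Origin
response header without ever reflecting a wildcard or an unlisted origin."""
from urllib.parse import urlsplit

# Constructed sample allow-list (hypothetical; not the Ewon configuration
# format). The "*" and "https://*.example.com" entries are the weak settings
# the advisory's recommendation says to avoid.
SAMPLE_CONFIG = [
    "https://scada.example.internal",
    "HTTPS://HMI.example.internal:443/",
    "*",
    "https://*.example.com",
    "null",
]


def normalize_origin(origin):
    """Return 'scheme://host[:port]' in canonical form, or None if malformed."""
    try:
        parts = urlsplit(origin.strip())
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return None  # an origin carries no path, query or fragment
    default = 443 if parts.scheme == "https" else 80
    suffix = f":{port}" if port not in (None, default) else ""
    return f"{parts.scheme}://{parts.hostname}{suffix}"


def audit_allowlist(config):
    """Return (entry, reason) findings for entries that weaken the policy."""
    findings = []
    for entry in config:
        if entry.strip() == "*":
            findings.append((entry, "wildcard: every origin may request resources"))
        elif "*" in entry:
            findings.append((entry, "pattern entry: CORS origins must match exactly"))
        elif entry.strip().lower() == "null":
            findings.append((entry, "'null' origin is sent by sandboxed and file: contexts"))
        elif normalize_origin(entry) is None:
            findings.append((entry, "not a well-formed scheme://host[:port] origin"))
    return findings


def allow_origin_header(request_origin, config):
    """Value for Access-Control-Allow-Origin, or None to omit the header.
    Only exact, well-formed entries are honoured, and the matched origin is
    echoed back rather than '*', so a wildcard entry cannot widen access."""
    allowed = {normalize_origin(e) for e in config if "*" not in e}
    allowed.discard(None)
    wanted = normalize_origin(request_origin or "")
    return wanted if wanted in allowed else None
```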


Related Identifiers

CVE-2020-16230

Affected Products

Ewon Cosy
Ewon Flexy