CVE-2024-33893

Name of the Vulnerable Software and Affected Versions Cosy+ devices versions 21.x through 21.2s9 Cosy+ devices versions 22.x through 22.1s2

Description The issue arises from improper input sanitization when displaying logs, leading to a potential XSS attack. This is due to the improper neutralization of input during web page generation. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For Cosy+ devices versions 21.x through 21.2s9, update to version 21.2s10 to resolve the issue. For Cosy+ devices versions 22.x through 22.1s2, update to version 22.1s3 to resolve the issue. As a temporary workaround, consider restricting access to the log display feature until a patch is available.