Unrated severityNVD Advisory· Published Sep 18, 2020· Updated Aug 4, 2024
CVE-2020-16230
CVE-2020-16230
Description
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Ewon/Flexy and Cosydescription
Patches
Vulnerability mechanics
References
1- us-cert.cisa.gov/ics/advisories/icsa-20-254-03mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.