CISA has published an advisory on a cross-site scripting vulnerability in HMS Networks eWON Flexy and Cosy. For both products, all firmware versions prior to 14.1s0 are affected. Successful exploitation of this vulnerability could initiate a password change. HMS Networks recommends users update to latest firmware, Version 14.1s0. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.