CISA has published an advisory on a permissive cross-domain policy with untrusted domains vulnerability in HMS Networks Ewon Flexy and Cosy. All versions prior to 14.1 are affected. Successful exploitation of this vulnerability could allow attackers to retrieve limited confidential information. HMS Networks recommends a series of mitigations for the vulnerability. CISA recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.