"-Synchronized-Data."

2020/16xxx/CVE-2020-16230.json

@@ -15,11 +15,11 @@
                     "product": {
                         "product_data": [
                             {
-                                "product_name": "Advantech WebAccess/SCADA",
+                                "product_name": "HMS Networks Ewon Flexy and Cosy",
                                 "version": {
                                     "version_data": [
                                         {
-                                            "version_value": "versions 9.0 and prior"
+                                            "version_value": "All versions prior to 14.1"
                                         }
                                     ]
                                 }
@@ -36,7 +36,7 @@
                 "description": [
                     {
                         "lang": "eng",
-                        "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
+                        "value": "PERMISSIVE CROSS-DOMAIN POLICY WITH UNTRUSTED DOMAINS"
                     }
                 ]
             }
@@ -46,8 +46,8 @@
         "reference_data": [
             {
                 "refsource": "MISC",
-                "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-075-01",
-                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-075-01"
+                "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-254-03",
+                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-254-03"
             }
         ]
     },
@@ -55,7 +55,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "WebAccess/SCADA Versions 9.0 and prior are vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user\u2019s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions."
+                "value": "All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing."
             }
         ]
     }

2021/27xxx/CVE-2021-27436.json

@@ -4,14 +4,58 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2021-27436",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "ics-cert@hq.dhs.gov",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Advantech WebAccess/SCADA",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Versions 9.0 and prior"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-075-01",
+                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-075-01"
+            }
+        ]
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user\u2019s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions."
             }
         ]
     }

2021/28xxx/CVE-2021-28160.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "Stored XSS on Acexy (BoyaMicro) Wireless-N WiFi Repeater 28.08.06.1 version 1.0 devices can occur via a malformed SSID field during scanning for nearby access points, which also occurs when a device's user visits the Repeater Wizard web management section. This enables an attacker to steal LAN credentials without being connected to the device."
+                "value": "Reflected XSS on Acexy (BoyaMicro) Wireless-N WiFi Repeater 28.08.06.1 version 1.0 devices can occur via a malformed SSID field during scanning for nearby access points, which also occurs when a device's user visits the Repeater Wizard web management section. This enables an attacker to steal LAN credentials without being connected to the device."
             }
         ]
     },