David Matilla Rebollo

**Name of the Vulnerable Software and Affected Versions** SMA Cluster Controller version 01.05.01.R **Description** The issue is a Cross-Site Request Forgery vulnerability that could allow an attacker to send a malicious link to an authenticated user, enabling the attacker to perform actions with the user's permissions on the affected device. **Recommendations** For SMA Cluster Controller version 01.05.01.R, consider implementing additional security measures to prevent Cross-Site Request Forgery attacks, such as validating user requests and ensuring that all user interactions are authenticated and authorized. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sunny WebBox versions 1.6.1 and earlier **Description** The issue allows an attacker to send a malicious link to an authenticated operator, potentially enabling remote attackers to perform a clickjacking attack. **Recommendations** For Sunny WebBox versions 1.6.1 and earlier, update to a version later than 1.6.1 to resolve the issue. As a temporary workaround, consider restricting access to authenticated operators or implementing additional security measures to minimize the risk of clickjacking attacks.