David Padilla Alvarado

**Name of the Vulnerable Software and Affected Versions** Clibo Manager version 1.1.9.12 **Description** A clickjacking issue occurs in the '/public/login' directory, a login panel, due to the absence of an X-Frame-Options server-side header. An attacker could overlay a transparent iframe to perform click hijacking on victims. **Recommendations** For Clibo Manager version 1.1.9.12, update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the '/public/login' directory until a patch is available. Avoid using the vulnerable login panel until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Clibo Manager version 1.1.9.1 **Description** The issue allows an attacker to execute a stored Cross-Site Scripting (XSS) attack by uploading a malicious .svg image in the Profile > Profile picture section. This could potentially affect a significant number of devices, although the exact number is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For Clibo Manager version 1.1.9.1, consider disabling the ability to upload .svg images in the Profile > Profile picture section until a patch is available. Restrict access to the Profile picture upload feature to minimize the risk of exploitation. Avoid using the Profile picture upload feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Clibo Manager version 1.1.9.2 **Description** The issue is related to a rate limit vulnerability that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of service (DoS). **Recommendations** For Clibo Manager version 1.1.9.2, consider implementing additional rate limiting measures or temporarily restricting email sending capabilities to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GT3 Soluciones SWAL (affected versions not specified) **Description** A Cross-Site Scripting (XSS) issue has been detected, which consists of a reflected XSS in the `Titular` parameter inside Gestion 'Documental > Seguimiento de Expedientes > Alta de Expedientes'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.