Ismael Pacheco Torrecilla

**Name of the Vulnerable Software and Affected Versions** Kelio Visio 1 versions 3.2C through 5.1K Kelio Visio X7 versions 3.2C through 5.1K Kelio Visio X4 versions 3.2C through 5.1K **Description** The issue is a Reflected Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute a JavaScript payload by making a POST request and injecting malicious code into the editable `username` parameter of the "/PageLoginVisio.do" endpoint. **Recommendations** For Kelio Visio 1 versions 3.2C through 5.1K, consider disabling the editable `username` parameter in the "/PageLoginVisio.do" endpoint until a patch is available. For Kelio Visio X7 versions 3.2C through 5.1K, restrict access to the "/PageLoginVisio.do" endpoint to minimize the risk of exploitation. For Kelio Visio X4 versions 3.2C through 5.1K, avoid using the `username` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SCAN VISIO eDocument Suite Web Viewer of Abast (affected versions not specified) **Description** A SQL Injection issue has been discovered, allowing an unauthenticated user to retrieve, update, and delete all database information. This issue was found on the login page via the `user` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.