Rubén López Herrera

**Name of the Vulnerable Software and Affected Versions** CIGESv2 (affected versions not specified) **Description** The issue concerns an information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access the "/vendor/composer/installed.json" endpoint and retrieve all installed packages used by the application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CIGESv2 system (affected versions not specified) **Description** The issue is a Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system. This allows an attacker to execute and store malicious javascript code in the application form without prior registration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CIGESv2 system (affected versions not specified) **Description** The issue allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message. This is due to an HTML injection vulnerability affecting the CIGESv2 system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CIGESv2 system (affected versions not specified) **Description** The issue is related to an information exposure vulnerability in the CIGESv2 system. This could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.