diff --git a/gulliver/system/class.soapNtlm.php b/gulliver/system/class.soapNtlm.php
index 6db6bb2a9..655e14136 100644
--- a/gulliver/system/class.soapNtlm.php
+++ b/gulliver/system/class.soapNtlm.php
@@ -212,8 +212,10 @@ class soapNtlm
 }
 curl_setopt( $this->ch, CURLOPT_HTTPHEADER, array ('Expect:') );
 }
- }
- echo $this->buffer = curl_exec( $this->ch );
+ }
+ $this->buffer = curl_exec( $this->ch );
+ $buffer = $filter->xssFilterHard($this->buffer, "url");
+ echo $buffer;
 //echo "[NTLMStream::createBuffer] buffer size : " . strlen($this->buffer) . "bytes
";
 $this->pos = 0;
 }
diff --git a/gulliver/thirdparty/creole/util/Blob.php b/gulliver/thirdparty/creole/util/Blob.php
index 54d550edb..3a2a18726 100755
--- a/gulliver/thirdparty/creole/util/Blob.php
+++ b/gulliver/thirdparty/creole/util/Blob.php
@@ -52,7 +52,16 @@ class Blob extends Lob {
 }
 } else {
- echo $this->data;
+ $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+ $docuroot = explode( '/', $realdocuroot );
+ array_pop( $docuroot );
+ $pathhome = implode( '/', $docuroot ) . '/';
+ array_pop( $docuroot );
+ $pathTrunk = implode( '/', $docuroot ) . '/';
+ require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
+ $filter = new InputFilter();
+ $data = $filter->xssFilterHard($this->data);
+ echo $data;
 }
 }
diff --git a/gulliver/thirdparty/creole/util/Clob.php b/gulliver/thirdparty/creole/util/Clob.php
index 051b1021c..da5f773af 100755
--- a/gulliver/thirdparty/creole/util/Clob.php
+++ b/gulliver/thirdparty/creole/util/Clob.php
@@ -102,7 +102,15 @@ class Clob extends Lob {
 }
 } else {
- echo $this->data;
+ $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+ $docuroot = explode( '/', $realdocuroot );
+ array_pop( $docuroot );
+ $pathhome = implode( '/', $docuroot ) . '/';
+ array_pop( $docuroot );
+ $pathTrunk = implode( '/', $docuroot ) . '/';
+ require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
+ $filter = new InputFilter();
+ echo $filter->xssFilterHard($this->data);
 }
 }
diff --git a/gulliver/thirdparty/pear/Log/display.php b/gulliver/thirdparty/pear/Log/display.php
index 31ad1e7da..da8291a27 100755
--- a/gulliver/thirdparty/pear/Log/display.php
+++ b/gulliver/thirdparty/pear/Log/display.php
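Review bot: `$filter` is not defined anywhere in this hunk, so unless class.soapNtlm.php creates an InputFilter earlier in the method (outside the visible lines), the new `$filter->xssFilterHard($this->buffer, "url")` call runs against an undefined variable and fails at runtime; please confirm where it is initialised. The surrounding method is a stream-buffer fill, and echoing the NTLM backend's response body into the HTTP output looks like leftover debug output next to the commented-out debug line that follows, so dropping the `echo $buffer;` altogether would be cleaner than filtering what it prints; the stream presumably keeps serving the unfiltered `$this->buffer` either way. `curl_exec()` also returns `false` on failure and that value is handed straight to the filter; a guard such as `if ($this->buffer === false) { $this->buffer = ''; }` before the filter call keeps the error path explicit. The enclosing method starts before and continues after this hunk.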
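Review bot: Locating class.inputfilter.php by popping two components off `$_SERVER['DOCUMENT_ROOT']` ties this thirdparty library file to one deployment layout and fails fatally at `require_once` whenever DOCUMENT_ROOT is unset or rooted elsewhere (CLI scripts, a differently configured vhost), right in the middle of dumping the LOB; the identical block is copied into Clob.php and pear/Log/display.php in this commit. A path relative to the file itself is deployment-independent, e.g. `require_once __DIR__ . '/../../../system/class.inputfilter.php';` resolves to gulliver/system from Blob.php, Clob.php and Log/display.php alike, and the unused `$pathhome` intermediate can go. Whether an HTML-oriented filter belongs on a Blob's dump output at all depends on the callers: if binary data is ever emitted this way under a non-HTML content type, the filter would corrupt the payload, so that is worth confirming before keeping it.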
@@ -127,8 +127,17 @@ class Log_display extends Log
 $message = $this->_extractMessage($message);
 /* Build and output the complete log line. */
+ $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+ $docuroot = explode( '/', $realdocuroot );
+ array_pop( $docuroot );
+ $pathhome = implode( '/', $docuroot ) . '/';
+ array_pop( $docuroot );
+ $pathTrunk = implode( '/', $docuroot ) . '/';
+ require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
+ $filter = new InputFilter();
+ $tag = $filter->xssFilterHard(ucfirst($this->priorityToString($priority)));
 echo $this->_error_prepend .
- '' . ucfirst($this->priorityToString($priority)) . ': '.
+ '' . $tag . ': '.
 nl2br(htmlspecialchars($message)) . $this->_error_append . $this->_linebreak;
diff --git a/workflow/engine/controllers/adminProxy.php b/workflow/engine/controllers/adminProxy.php
index 3be771ff1..d5e87a230 100644
--- a/workflow/engine/controllers/adminProxy.php
+++ b/workflow/engine/controllers/adminProxy.php
@@ -1086,6 +1086,8 @@ class adminProxy extends HttpProxyController
 } elseif ($files_img_type != '') {
 $failed = "1";
 }
+ $uploaded = $filter->validateInput($uploaded,'int');
+ $files_img_type = $filter->xssFilterHard($files_img_type);
 echo '{success: true, failed: ' . $failed . ', uploaded: ' . $uploaded . ', type: "' . $files_img_type . '"}';
 exit();
 }
diff --git a/workflow/engine/methods/controls/buscador.php b/workflow/engine/methods/controls/buscador.php
index 61dfef45d..b8bd03209 100755
--- a/workflow/engine/methods/controls/buscador.php
+++ b/workflow/engine/methods/controls/buscador.php
@@ -22,14 +22,15 @@
  * Coral Gables, FL, 33134, USA, or email info@colosa.com.
  */
 $frm = $HTTP_GET_VARS;
-
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
 ?>
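Review bot: The response is still assembled by string concatenation, and `$failed` is not passed through the filter while `$files_img_type` is spliced between double quotes, so any `"` that survives xssFilterHard, or a non-string return from it, still breaks the object literal the client parses. Building it with `echo json_encode(array('success' => true, 'failed' => $failed, 'uploaded' => $uploaded, 'type' => $files_img_type));` yields a properly escaped object that a JavaScript client reads the same way (cast `$failed`/`$uploaded` to int if the client expects bare numbers). The return value of `validateInput($uploaded, 'int')` for a non-numeric input is not visible here, so please confirm it cannot produce a value the client does not expect, and `$filter` itself is not initialised within the hunk. The enclosing method starts outside the hunk.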

demo de buscador

- -Buscador tipo :
+ +Buscador tipo : xssFilterHard($frm['tipo']) ?>
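Review bot: The value echoed on the `Buscador tipo` line is read as `$frm['tipo']` without checking that the key exists, so a request without `tipo` now raises an undefined-index notice inside the filter call; `$frm` itself is copied from `$HTTP_GET_VARS`, the long-deprecated register-long-arrays alias of `$_GET` that no longer exists from PHP 5.4 on, so on current runtimes `$frm` is null and the page always hits that path (existing code, but the new line depends on it). For an HTML text context the conventional escape is `htmlspecialchars`, e.g. `<?php echo isset($frm['tipo']) ? htmlspecialchars($frm['tipo'], ENT_QUOTES, 'UTF-8') : ''; ?>`, which also removes the dependency on the G::LoadSystem bootstrap in a standalone demo page. The surrounding markup lost its tags in this rendering, so the exact inline expression is inferred.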
diff --git a/workflow/engine/methods/oauth2/grant.php b/workflow/engine/methods/oauth2/grant.php
index ee040ff78..88e90c138 100644
--- a/workflow/engine/methods/oauth2/grant.php
+++ b/workflow/engine/methods/oauth2/grant.php
@@ -14,7 +14,7 @@ $code = empty($_GET['code']) ? 'NN' : $_GET['code'];
 $clientId = 'x-pm-local-client';
 $secret = '179ad45c6ce2cb97cf1029e212046e81';
-
+$userPwd = $clientId.':'.$secret;
 $data = array(
 'grant_type' => 'authorization_code',
 'code' => $code
@@ -23,7 +23,7 @@ $data = array(
 $ch = curl_init($endpoint);
 curl_setopt($ch, CURLOPT_HEADER, false);
-curl_setopt($ch, CURLOPT_USERPWD, $clientId.':'.$secret);
+curl_setopt($ch, CURLOPT_USERPWD, $userPwd);
 curl_setopt($ch, CURLOPT_TIMEOUT, 30);
 curl_setopt($ch, CURLOPT_POST, 1);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
diff --git a/workflow/engine/methods/services/login_getStarted.php b/workflow/engine/methods/services/login_getStarted.php
index ceafdae0c..43f67c334 100755
--- a/workflow/engine/methods/services/login_getStarted.php
+++ b/workflow/engine/methods/services/login_getStarted.php
@@ -42,7 +42,7 @@ $oTemplatePower->assign('USR_UID', $aUser['USR_UID']);
 $oTemplatePower->assign('USR_FULLNAME', $aData['USR_FIRSTNAME'] . ' ' . $aData['USR_LASTNAME'] . ' (' . $aData['USR_USERNAME'] . ')');
 */
 $userName = 'admin';
-$userPass = 'The password introduced at the time of installing the application. (If you did not change the password by default is "admin")';
+$userPass = "The password introduced at the time of installing the application. (If you did not change the password by default is $userName)";
 if(isset($_SESSION['NW_PASSWORD'])){
 if($_SESSION['NW_PASSWORD'] != ''){
 $userPass = $_SESSION['NW_PASSWORD'];
diff --git a/workflow/engine/methods/setup/webServicesAjax.php b/workflow/engine/methods/setup/webServicesAjax.php
index 97f141218..af06c4d4e 100755
--- a/workflow/engine/methods/setup/webServicesAjax.php
+++ b/workflow/engine/methods/setup/webServicesAjax.php
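Review bot: Both grant.php hunks only move the `$clientId.':'.$secret` pair into `$userPwd`, while the client secret itself stays as a literal in `$secret` committed to the repository; since the commit is touching exactly these lines, it is the natural point to load that value from the deployment's configuration (wherever the installer records the local client's credentials) instead of from source, so that rotating it does not require a code change. In the same hunk, a missing `code` query parameter is replaced by the placeholder `'NN'` and still posted to the token endpoint; failing early with an error response when `$_GET['code']` is empty would be clearer than letting the server reject a dummy code.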
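Review bot: Switching the login_getStarted.php hint to interpolation drops the quotation marks the old text put around the default value, so the sentence now reads `... by default is admin)`; `"... by default is \"$userName\")"` keeps the previous wording while still interpolating. The lines below this change go on to replace the hint with the plaintext value of `$_SESSION['NW_PASSWORD']` for display, which the commit leaves untouched; holding and rendering a password in clear from the session deserves its own review.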
@@ -1510,8 +1510,8 @@ try {
 die();
 break;
 default:
- $_POST = $filter->xssFilterHard($_POST);
- print_r( $_POST );
+ $post = $filter->xssFilterHard($_POST);
+ print_r( $post );
 }
 }
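Review bot: The `default:` branch still echoes the whole filtered request back to the caller via `print_r( $post )`, so an unrecognised action discloses every submitted field instead of being rejected; renaming the variable stops `$_POST` from being overwritten but keeps that behaviour. A dispatch on a request parameter should answer its fallthrough with an error, in the same style the other branches use to stop, e.g. `default: echo 'Unknown action'; die();`, rather than a dump of the input. The `try {` and the switch this belongs to start before the hunk.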