diff --git a/SECURITY.md b/SECURITY.md
index 8ef569d6da0..bcc1bd7d9e0 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -49,7 +49,7 @@ You must not leak, manipulate, or destroy any user data of third parties to find
 
 ## Scope for qualified vulnerabilities
 
-ONLY vulnerabilities discovered, when the following setup on test platform is used, are "validated":
+ONLY vulnerabilities discovered, when the following setup on test platform is used, are "valid":
 
 * $dolibarr_main_prod must be set to 1 into conf.php
 * $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value)
@@ -57,7 +57,7 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us
 * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be set to 1 soon by default)
 * The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool)
 * The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool)
-* ONLY security reports on modules provided by default and with the "stable" status are allowed (troubles into "experimental", "developement" or external modules are not valid vulnerabilities).
+* ONLY security reports on modules provided by default and with the "stable" status are valid (troubles into "experimental", "developement" or external modules are not valid vulnerabilities).
 * The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer).
 * The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly.
 * CSRF attacks are accepted for all when using a POST URL, but when using GET URL, they are validated only for creating or updating data resctricted to the admin user.
diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php
index bf0e4f57743..2d0b9ad57c1 100644
--- a/htdocs/core/tpl/login.tpl.php
+++ b/htdocs/core/tpl/login.tpl.php
@@ -149,8 +149,7 @@ if ($disablenofollow) echo '</a>';
 <div class="tagtd nowraponall center valignmiddle tdinputlogin">
 <?php if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { ?><label for="username" class="hidden"><?php echo $langs->trans("Login"); ?></label><?php } ?>
 <!-- <span class="span-icon-user">-->
-<span class="fa fa-user">
-</span>
+<span class="fa fa-user"></span>
 <input type="text" id="username" placeholder="<?php echo $langs->trans("Login"); ?>" name="username" class="flat input-icon-user minwidth150" value="<?php echo dol_escape_htmltag($login); ?>" tabindex="1" autofocus="autofocus" />
 </div>
 </div>
@@ -160,8 +159,7 @@ if ($disablenofollow) echo '</a>';
 <div class="tagtd nowraponall center valignmiddle tdinputlogin">
 <?php if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { ?><label for="password" class="hidden"><?php echo $langs->trans("Password"); ?></label><?php } ?>
 <!--<span class="span-icon-password">-->
-<span class="fa fa-key">
-</span>
+<span class="fa fa-key"></span>
 <input id="password" placeholder="<?php echo $langs->trans("Password"); ?>" name="password" class="flat input-icon-password minwidth150" type="password" value="<?php echo dol_escape_htmltag($password); ?>" tabindex="2" autocomplete="<?php echo empty($conf->global->MAIN_LOGIN_ENABLE_PASSWORD_AUTOCOMPLETE) ? 'off' : 'on'; ?>" />
 </div></div>
 
@@ -190,19 +188,16 @@ if ($captcha) {
 	?>
 	<!-- Captcha -->
 	<div class="trinputlogin">
-	<div class="tagtd nowraponall none center valignmiddle tdinputlogin">
+	<div class="tagtd none valignmiddle tdinputlogin">
 
-	<table class="login_table_securitycode centpercent">
-	<tr class="valignmiddle">
-	<td>
-	<span class="span-icon-security">
-	<input id="securitycode" placeholder="<?php echo $langs->trans("SecurityCode"); ?>" class="flat input-icon-security width100" type="text" maxlength="5" name="code" tabindex="3" />
+	<span class="fa fa-unlock"></span>
+	<span class="span-icon-security inline-block">
+	<input id="securitycode" placeholder="<?php echo $langs->trans("SecurityCode"); ?>" class="flat input-icon-security width150" type="text" maxlength="5" name="code" tabindex="3" />
+	</span>
+	<span class="nowrap inline-block">
+	<img class="inline-block valignmiddle" src="<?php echo DOL_URL_ROOT ?>/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" />
+	<a class="inline-block valignmiddle" href="<?php echo $php_self; ?>" tabindex="4" data-role="button"><?php echo $captcha_refresh; ?></a>
 	</span>
-	</td>
-	<td><img src="<?php echo DOL_URL_ROOT ?>/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" /></td>
-	<td><a href="<?php echo $php_self; ?>" tabindex="4" data-role="button"><?php echo $captcha_refresh; ?></a></td>
-	</tr>
-	</table>
 
 	</div></div>
 <?php } ?>
diff --git a/htdocs/core/tpl/passwordforgotten.tpl.php b/htdocs/core/tpl/passwordforgotten.tpl.php
index d7d7e2f7ef3..f11e01c7d13 100644
--- a/htdocs/core/tpl/passwordforgotten.tpl.php
+++ b/htdocs/core/tpl/passwordforgotten.tpl.php
@@ -107,8 +107,7 @@ if ($disablenofollow) echo '</a>';
 <div class="trinputlogin">
 <div class="tagtd nowraponall center valignmiddle tdinputlogin">
 <!-- <span class="span-icon-user">-->
-<span class="fa fa-user">
-</span>
+<span class="fa fa-user"></span>
 <input type="text" placeholder="<?php echo $langs->trans("Login"); ?>" <?php echo $disabled; ?> id="username" name="username" class="flat input-icon-user minwidth150" value="<?php echo dol_escape_htmltag($username); ?>" tabindex="1" />
 </div>
 </div>
@@ -135,22 +134,20 @@ if (!empty($morelogincontent)) {
 	$php_self = preg_replace('/[&\?]time=(\d+)/', '', $php_self); // Remove param time
 	if (preg_match('/\?/', $php_self)) $php_self .= '&time='.dol_print_date(dol_now(), 'dayhourlog');
 	else $php_self .= '?time='.dol_print_date(dol_now(), 'dayhourlog');
+	// TODO: provide accessible captcha variants
 	?>
 	<!-- Captcha -->
 	<div class="trinputlogin">
-	<div class="tdinputlogin nowraponall none center valignmiddle tdinputlogin">
+	<div class="tagtd tdinputlogin nowraponall none valignmiddle">
 
-	<table class="login_table_securitycode centpercent">
-	<tr class="valignmiddle">
-	<td>
-	<!-- <span class="span-icon-security"> -->
-	<span class="nofa">
-	<input id="securitycode" placeholder="<?php echo $langs->trans("SecurityCode"); ?>" class="flat input-icon-security width100" type="text" maxlength="5" name="code" tabindex="3" />
+	<span class="fa fa-unlock"></span>
+	<span class="nofa inline-block">
+	<input id="securitycode" placeholder="<?php echo $langs->trans("SecurityCode"); ?>" class="flat input-icon-security width150" type="text" maxlength="5" name="code" tabindex="3" />
+	</span>
+	<span class="nowrap inline-block">
+	<img class="inline-block valignmiddle" src="<?php echo DOL_URL_ROOT ?>/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" />
+	<a class="inline-block valignmiddle" href="<?php echo $php_self; ?>" tabindex="4"><?php echo $captcha_refresh; ?></a>
 	</span>
-	</td>
-	<td><img src="<?php echo DOL_URL_ROOT ?>/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" /></td>
-	<td><a href="<?php echo $php_self; ?>" tabindex="4"><?php echo $captcha_refresh; ?></a></td>
-	</tr></table>
 
 	</div></div>
 <?php } ?>
diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php
index a0203c24cf1..1b104ce95dd 100644
--- a/htdocs/theme/eldy/global.inc.php
+++ b/htdocs/theme/eldy/global.inc.php
@@ -1220,6 +1220,7 @@ table[summary="list_of_modules"] .fa-cog {
 .width50  { width: 50px; }
 .width75  { width: 75px; }
 .width100 { width: 100px; }
+.width125 { width: 125px; }
 .width150 { width: 150px; }
 .width200 { width: 200px; }
 .maxwidth25  { max-width: 25px; }
diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php
index 4f85b78a872..ad0b03366db 100644
--- a/htdocs/theme/md/style.css.php
+++ b/htdocs/theme/md/style.css.php
@@ -1213,6 +1213,7 @@ table[summary="list_of_modules"] .fa-cog {
 .width50  { width: 50px; }
 .width75  { width: 75px; }
 .width100 { width: 100px; }
+.width125 { width: 125px; }
 .width150 { width: 150px; }
 .width200 { width: 200px; }
 .maxwidth25  { max-width: 25px; }
diff --git a/htdocs/webservices/admin/index.php b/htdocs/webservices/admin/index.php
index 015551693bd..2c14d2d07f5 100644
--- a/htdocs/webservices/admin/index.php
+++ b/htdocs/webservices/admin/index.php
@@ -62,13 +62,16 @@ if ($actionsave)
 llxHeader();
 
 $linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
+
 print load_fiche_titre($langs->trans("WebServicesSetup"), $linkback, 'title_setup');
 
 print '<span class="opacitymedium">'.$langs->trans("WebServicesDesc")."</span><br>\n";
 print "<br>\n";
 
-print '<form name="agendasetupform" action="'.$_SERVER["PHP_SELF"].'" method="post">';
+print '<form name="agendasetupform" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
 print '<input type="hidden" name="token" value="'.newToken().'">';
+print '<input type="hidden" name="action" value="save">';
+
 print '<table class="noborder centpercent">';
 
 print '<tr class="liste_titre">';
@@ -78,7 +81,7 @@ print "<td>".$langs->trans("Value")."</td>";
 print "<td>&nbsp;</td>";
 print "</tr>";
 
-print '<tr class="impair">';
+print '<tr class="oddeven">';
 print '<td class="fieldrequired">'.$langs->trans("KeyForWebServicesAccess").'</td>';
 print '<td><input type="text" class="flat" id="WEBSERVICES_KEY" name="WEBSERVICES_KEY" value="'.(GETPOST('WEBSERVICES_KEY') ?GETPOST('WEBSERVICES_KEY') : (!empty($conf->global->WEBSERVICES_KEY) ? $conf->global->WEBSERVICES_KEY : '')).'" size="40">';
 if (!empty($conf->use_javascript_ajax))