CVE-2026-1959 - Vulnerability Details

- Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes

Description

Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the

'descripción'

parameter in the '/loggrodemo/jbrain/MaestraCuentasBancarias' endpoint.

Published: 2026-02-09

Score: 5.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Loggro Pymes

unaffected

Version	Status	Constraints
`0`	affected	< 1.0.124

No data.

Vendor	Product	Confidence	Versions
Loggro Pymes	Loggro Pymes	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

The vulnerabilities have been fixed by Loggro Pymes team in version 1.0.124.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00022.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-loggro-pymes-web-application

History

Mon, 09 Feb 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 09 Feb 2026 12:00:00 +0000

Type	Values Removed	Values Added
Description		Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'descripción' parameter in the '/loggrodemo/jbrain/MaestraCuentasBancarias' endpoint.
Title		Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes
First Time appeared		Loggro Pymes Loggro Pymes loggro Pymes
Weaknesses		CWE-79
CPEs		cpe:2.3:a:loggro_pymes:loggro_pymes::::::::
Vendors & Products		Loggro Pymes Loggro Pymes loggro Pymes
References		https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-loggro-pymes-web-application
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`

Subscriptions

Loggro Pymes Loggro Pymes

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2026-02-09T11:41:07.740Z

Updated: 2026-02-09T13:12:59.317Z

Reserved: 2026-02-05T10:39:17.734Z

Link: CVE-2026-1959

Vulnrichment

Updated: 2026-02-09T13:12:29.304Z

NVD

Status : Awaiting Analysis

Published: 2026-02-09T12:15:57.767

Modified: 2026-02-09T16:08:35.290

Link: CVE-2026-1959

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-02-10T12:23:40Z

Weaknesses

CWE-79

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object