Multiple vulnerabilities in the Loggro Pymes web application
Posted date 06/02/2026
Identifier
INCIBE-2026-097
Importance
3 - Medium
Affected Resources
Loggro Pymes, in versions prior to 1.0.124.
Description
INCIBE has coordinated the publication of 2 medium-severity vulnerabilities affecting the web application of Loggro Pymes, a business management company. The vulnerabilities were discovered by David Padilla Alvarado.
Each vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:
- CVE-2026-1959 and CVE-2026-1960: 5.1 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79
Solution
The vulnerabilities have been fixed by the Loggro Pymes team in version 1.0.124.
Detail
Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes. The affected parameters and their assigned identifiers are as follows:
- CVE-2026-1959: parameter 'descripción' in the endpoint '/loggrodemo/jbrain/MaestraCuentasBancarias'.
- CVE-2026-1960: parameter 'Facebook' in the endpoint '/loggrodemo/jbrain/ConsultaTerceros'.
CVE
| CVE Identifier | Severity | Exploitation | Vendor |
|---|---|---|---|
| CVE-2026-1959 | Medium | No | Loggro Pymes |
| CVE-2026-1960 | Medium | No | Loggro Pymes |



