PT-2026-6904 · Unknown · Loggro Pymes

Published: 2026-02-07 · Updated: 2026-02-09 · CVE-2026-1959

CVSS v4.0: 5.1 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

Loggro Pymes version 1.0.124

Description

A stored Cross-Site Scripting (XSS) issue exists in Loggro Pymes. The issue is located in the /loggrodemo/jbrain/MaestraCuentasBancarias API endpoint, specifically through the descripción parameter. Successful exploitation could allow an attacker to inject malicious scripts that execute in the context of other users' browsers.

Recommendations

Update Loggro Pymes to a version that addresses this issue. As a temporary workaround, sanitize the descripción parameter to prevent the injection of malicious scripts.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-1959

Affected Products

Loggro Pymes