PT-2026-6905 · Unknown · Loggro Pymes
Published
2026-02-07
·
Updated
2026-02-09
·
CVE-2026-1960
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
Loggro Pymes (affected versions not specified)
Description
A stored Cross-Site Scripting (XSS) issue exists in Loggro Pymes. The issue is related to the 'Facebook' parameter within the
/loggrodemo/jbrain/ConsultaTerceros API endpoint. Successful exploitation could allow an attacker to inject malicious scripts into web pages viewed by other users. The Facebook parameter is the entry point for the attack.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Loggro Pymes