πŸ” CVE Alert

CVE-2025-40697

UNKNOWN 0.0

Reflected Cross-Site Scripting (XSS) in Lewe WebMeasure

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Reflected Cross-Site Scripting (XSS) vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

CWE CWE-79
Vendor lewe
Product webmeasure
Published Feb 19, 2026
Last Updated Feb 24, 2026
Stay Ahead of the Next One

Get instant alerts for lewe webmeasure

Be the first to know when new unknown vulnerabilities affecting lewe webmeasure are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Lewe / WebMeasure
all versions

References

NVD β†— CVE.org β†— EPSS Data β†—
incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-lewe-webmeasure

Credits

Gonzalo Aguilar GarcΓ­a (6h4ack)