Lewe WebMeasure: Malicious Code Can Be Injected Through URL

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.1

Lewe WebMeasure: Malicious Code Can Be Injected Through URL

CVE-2025-40697

Summary

The Lewe WebMeasure application has a security weakness that can allow an attacker to inject malicious code into a user's browser. This could potentially allow the attacker to steal sensitive information or take actions on the user's behalf. To protect your users, update Lewe WebMeasure to the latest version.

Original title

Original description

Reflected Cross-Site Scripting (XSS) vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

nvd CVSS4.0 5.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scriptin...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026