Reflected Cross-Site Scripting (XSS) in Lewe WebMeasure Posted Date: 19/02/2026 Identifier: INCIBE-2026-128 Importance: 3 - Medium Affected Resources WebMeasure Description INCIBE has coordinated the publication of a medium-severity vulnerability affecting Lewe WebMeasure. The vulnerability was discovered by Gonzalo Aguilar García (6h4ck). This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type: CVE-2025-40697: CVSS v4.0: 5.1 Solution The WebMeasure software is no longer available on the Lewe website and is no longer supported. Note The value of exploitability of each vulnerability corresponds to the moment of publication of this advisory. This value may have changed over time. References List Lewe - Web Applications, Plugins & Add-ons