CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-41346

Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.7%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este

Products affected by CVE-2025-41346

Iest » Winplus » Version: 24.11.27

cpe:2.3:a:iest:winplus:24.11.27

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-41346

Products

Pricing

Contact Us