CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-41347

Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.0%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este

Products affected by CVE-2025-41347

Iest » Winplus » Version: 24.11.27

cpe:2.3:a:iest:winplus:24.11.27

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-41347

Products

Pricing

Contact Us