CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-41349

Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in '/WinplusPortal/ws/sWinplus. svc/json/savesolpla_post'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 32.0%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este

Products affected by CVE-2025-41349

Iest » Winplus » Version: 24.11.27

cpe:2.3:a:iest:winplus:24.11.27

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-41349

Products

Pricing

Contact Us