🔐 CVE Alert

CVE-2025-41346

UNKNOWN 0.0

Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este

CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
19th

Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.

CWE CWE-863
Vendor informatica del este
Product winplus
Published Nov 18, 2025
Last Updated Feb 18, 2026
Stay Ahead of the Next One

Get instant alerts for informatica del este winplus

Be the first to know when new unknown vulnerabilities affecting informatica del este winplus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Informatica del Este / WinPlus
24.11.27

References

NVD ↗ CVE.org ↗ EPSS Data ↗
incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este

Credits

Daniel Cano Merchán