🔐 CVE Alert

CVE-2025-41347

UNKNOWN 0.0

Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este

CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
19th

Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.

CWE CWE-434
Vendor informatica del este
Product winplus
Published Nov 18, 2025
Last Updated Feb 18, 2026
Stay Ahead of the Next One

Get instant alerts for informatica del este winplus

Be the first to know when new unknown vulnerabilities affecting informatica del este winplus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Informatica del Este / WinPlus
24.11.27

References

NVD ↗ CVE.org ↗ EPSS Data ↗
incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este

Credits

Daniel Cano Merchán