🔐 CVE Alert

CVE-2025-41348

UNKNOWN 0.0

Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
14th

SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus.svc/json/getacumper_post'.

CWE CWE-89
Vendor informatica del este
Product winplus
Published Nov 18, 2025
Last Updated Feb 18, 2026
Stay Ahead of the Next One

Get instant alerts for informatica del este winplus

Be the first to know when new unknown vulnerabilities affecting informatica del este winplus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Informatica del Este / WinPlus
24.11.27

References

NVD ↗ CVE.org ↗ EPSS Data ↗
incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este

Credits

Daniel Cano Merchán