CVE-2025-41349

UNKNOWN 0.0

Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este

CVSS Score

0.0

EPSS Score

0.1%

EPSS Percentile

16th

Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in '/WinplusPortal/ws/sWinplus. svc/json/savesolpla_post'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

CWE	CWE-79
Vendor	informatica del este
Product	winplus
Published	Nov 18, 2025
Last Updated	Feb 18, 2026

Stay Ahead of the Next One

Get instant alerts for informatica del este winplus

Be the first to know when new unknown vulnerabilities affecting informatica del este winplus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Informatica del Este / WinPlus

24.11.27

References

NVD ↗ CVE.org ↗ EPSS Data ↗

incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este

Credits

Daniel Cano Merchán