CVE-2025-41350
- EPSS 0.05%
- Veröffentlicht 18.11.2025 11:27:42
- Zuletzt bearbeitet 19.11.2025 19:11:04
Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter...
CVE-2025-41349
- EPSS 0.05%
- Veröffentlicht 18.11.2025 11:26:23
- Zuletzt bearbeitet 19.11.2025 19:13:44
Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter...
CVE-2025-41348
- EPSS 0.05%
- Veröffentlicht 18.11.2025 11:24:06
- Zuletzt bearbeitet 19.11.2025 19:14:35
SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus....
CVE-2025-41347
- EPSS 0.06%
- Veröffentlicht 18.11.2025 11:15:46
- Zuletzt bearbeitet 19.11.2025 19:14:40
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.
CVE-2025-41346
- EPSS 0.06%
- Veröffentlicht 18.11.2025 10:15:49
- Zuletzt bearbeitet 19.11.2025 19:14:52
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting...