CVE-2025-41346

Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este

CVSS 9.3 CRITICAL | EPSS 0.3% | CWE-863
Vexday Risk Score
28 (Low)
SSVC Decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3 | EPSS 0.3% | KEV no | PoC | Nuclei | Metasploit | Patch referenced
Lifecycle
18 Nov 2025: Published in NVD
Recommendation: Monitor. No exploitation signal for now.
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N