CVE-2025-41346

Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este

CVSS 9.3 CRITICAL | EPSS 0.3% | CWE-863
Vexday Risk Score
28 Low
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 9.3 | EPSS 0.3% | KEV: no | PoC | Nuclei | Metasploit | Patch referenced
Lifecycle
18 Nov 2025: Published in NVD
Recommendation: Monitor. No sign of exploitation at this time.
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N