CVE-2025-41348 – Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este

CVE ID : CVE-2025-41348

Published : Nov. 18, 2025, 12:15 p.m. | 49 minutes ago

Description : SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters ‘val1’ and ‘cont in ‘/WinplusPortal/ws/sWinplus.svc/json/getacumper_post’.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…