CVE-2025-41348
Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este
SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus.svc/json/getacumper_post'.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Informatica del Este · WinPlusWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →