CVE-2025-41346
Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Informatica del Este · WinPlus¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →