2 matches found
CVE-2025-41350
CVE-2025-41350 describes a stored Cross-site Scripting (XSS) in WinPlus v24.11.27 by Informática del Este. The vulnerability arises from insufficient validation of user input in the POST parameter descripcion sent to the API endpoint /WinplusPortal/ws/sWinplus.svc/json/savesoldoc_post . A remote,...
PT-2025-47300
Name of the Vulnerable Software and Affected Versions WinPlus version 24.11.27 Description A stored Cross-site Scripting XSS issue exists in WinPlus version 24.11.27 due to insufficient validation of user-supplied data. This allows a remote attacker to send a malicious query to an authenticated...