Lucene search
K
IestWinplus

5 matches found

CVE
CVE
added 2025/11/18 10:4 a.m.18 views

CVE-2025-41346

CVE-2025-41346 pertains to WinPlus v24.11.27 from Informática del Este, where faulty authorization control allows impersonation of another user by simply knowing the numerical ID. The issue affects confidentiality, integrity, and availability of data stored in the application. Connected sources c...

9.8CVSS6.3AI score0.00279EPSS
CVE
CVE
added 2025/11/18 11:24 a.m.18 views

CVE-2025-41348

WinPlus v24.11.27 by Informática del Este is affected by an SQL injection vulnerability. The issue stems from insufficient sanitization in the POST endpoint /WinplusPortal/ws/sWinplus.svc/json/getacumper_post, using parameters val1 and cont, which could enable an attacker to recover, create, upda...

9.8CVSS7.7AI score0.00456EPSS
CVE
CVE
added 2025/11/18 11:6 a.m.15 views

CVE-2025-41347

CVE-2025-41347 affects WinPlus v24.11.27 from Informática del Este. A flaw permits uploading dangerous file types via POST to /WinplusPortal/ws/sWinplus.svc/json/uploadfile, enabling a possible webshell upload. Public records identify the root cause as an unrestricted upload vector. Remediation i...

9.8CVSS6.6AI score0.003EPSS
CVE
CVE
added 2025/11/18 11:26 a.m.14 views

CVE-2025-41349

CVE-2025-41349 affects WinPlus v24.11.27 by Informática del Este. A Stored XSS flaw arises from insufficient validation of the descripcion parameter sent via POST to the API endpoint /WinplusPortal/ws/sWinplus.svc/json/savesolpla_post, exploitable by a remote attacker against an authenticated use...

5.4CVSS5.2AI score0.00283EPSS
CVE
CVE
added 2025/11/18 11:27 a.m.9 views

CVE-2025-41350

CVE-2025-41350 describes a stored Cross-site Scripting (XSS) in WinPlus v24.11.27 by Informática del Este. The vulnerability arises from insufficient validation of user input in the POST parameter descripcion sent to the API endpoint /WinplusPortal/ws/sWinplus.svc/json/savesoldoc_post . A remote,...

5.4CVSS5.2AI score0.00233EPSS