CVE-2025-41349

Description

Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the descripcion parameter in /WinplusPortal/ws/sWinplus. svc/json/savesolpla_post. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.