Unrated severityNVD Advisory· Published Nov 18, 2025· Updated Feb 18, 2026
Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este
CVE-2025-41347
Description
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.
Affected products
2- Range: =24.11.27
- Informatica del Este/WinPlusv5Range: 24.11.27
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.