exploitDog

CVE-2025-41346

Опубликовано: 18 нояб. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iest:winplus:24.11.27:*:*:*:-:*:*:*

EPSS

Процентиль: 19%

0.00059

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-4486-rqpc-38g7

CVSS3: 9.8

github

3 месяца назад

Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.

EPSS

Процентиль: 19%

0.00059

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-863