CNNVD-202511-2073 Information

Nov 18, 2025 cve

CNNVD ID

CNNVD-202511-2073

CVE-2025-41349

CNNVD Published: 2025-11-18

Description (Chinese)

Informática del Este WinPlus是西班牙Informática del Este公司的一个人力资源管理平台。 Informática del Este WinPlus v24.11.27版本存在跨站脚本漏洞，该漏洞源于对参数descripcion的输入验证不足，可能导致存储型跨站脚本攻击。

Description (English)

Informática del Este WinPlus is a human resources management platform of the Spanish company Informática del Este. Version Informática del Este WinPlus v24.11.27 contains a cross-site script loophole, which results from inadequate input verification of the parameter descripcion, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Informática del Este

Published

2025-11-18

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este

Share on: