CVE-2025-13648

Medium CVSS: 4.8

An attacker with access to the web application ZeusWeb of the provider Microcom

(in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the URL: https://zeus.microcom.es:4040/administracion-estaciones.html resulting in a stored XSS.
This issue affects ZeusWeb: 6.1.31.

Vendor

Microcom360

Product

Zeusweb

CWE

CWE-79

Yayın Tarihi

2026-02-11 09:15:49

Güncelleme

2026-03-17 20:22:55

Source Identifier

ffb98d57-deaa-4918-a669-5225ccc13e39

KEV Date Added

Kategoriler

CWE-79 Zeusweb MEDIUM Microcom360 2026

Referanslar

https://www.hackrtu.com/blog/CNA-CVE-2025-13648/ https://www.hackrtu.com/blog/CNA-HRTU-0001/ https://www.microcom360.com/servicio-zeus-web/ https://zeus.microcom.es:4040/

Benzer Kayıtlar

Medium

CVE-2025-13650

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not neces…

Medium

CVE-2025-13651

Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Applicati…

Medium

CVE-2025-13649

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not nec…