CVE-2025-13650

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Create Account’ operation at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true . This issue affects ZeusWeb: 6.1.31.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.hackrtu.com/blog/CNA-CVE-2025-13650/	Third Party Advisory
https://www.hackrtu.com/blog/CNA-HRTU-0001/	Third Party Advisory
https://www.microcom360.com/servicio-zeus-web/	Product
https://zeus.microcom.es:4040/	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:microcom:zeusweb:6.1.31:*:*:*:*:*:*:*

History

16 Mar 2026, 18:21

Type	Values Removed	Values Added
First Time		Microcom Microcom zeusweb
CPE		cpe:2.3:a:microcom:zeusweb:6.1.31:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
References	~~() https://www.hackrtu.com/blog/CNA-CVE-2025-13650/ -~~	() https://www.hackrtu.com/blog/CNA-CVE-2025-13650/ - Third Party Advisory
References	~~() https://www.hackrtu.com/blog/CNA-HRTU-0001/ -~~	() https://www.hackrtu.com/blog/CNA-HRTU-0001/ - Third Party Advisory
References	~~() https://www.microcom360.com/servicio-zeus-web/ -~~	() https://www.microcom360.com/servicio-zeus-web/ - Product
References	~~() https://zeus.microcom.es:4040/ -~~	() https://zeus.microcom.es:4040/ - Permissions Required
Summary		(es) Un atacante con acceso a la aplicación web ZeusWeb del proveedor Microcom (en este caso, el registro no es necesario, pero la acción debe realizarse) que tiene el software vulnerable podría introducir JavaScript arbitrario inyectando una carga útil XSS en el parámetro 'Surname' de la operación 'Create Account' en la URL: https://zeus.microcom.es:4040/index.html?zeus6=true . Este problema afecta a ZeusWeb: 6.1.31.

11 Feb 2026, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-11 09:15

Updated : 2026-03-16 18:21

NVD link : CVE-2025-13650

Mitre link : CVE-2025-13650

CVE.ORG link : CVE-2025-13650

JSON object : View

Products Affected

microcom

zeusweb

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10