← voltar
CVE-2025-13648

STORED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB

CVSS 4.8 MEDIUMEPSS 0.2%CWE-79
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
11 fev 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the URL: https://zeus.microcom.es:4040/administracion-estaciones.html  resulting in a stored XSS. This issue affects ZeusWeb: 6.1.31.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Microcom · ZeusWeb

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.hackrtu.com/blog/CNA-CVE-2025-13648/https://www.hackrtu.com/blog/CNA-HRTU-0001/https://www.microcom360.com/servicio-zeus-web/https://zeus.microcom.es:4040/