CVE-2025-13648

Sažetak

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the URL: https://zeus.microcom.es:4040/administracion-estaciones.html resulting in a stored XSS. This issue affects ZeusWeb: 6.1.31.

Reference

https://www.hackrtu.com/blog/CNA-CVE-2025-13648/
https://www.hackrtu.com/blog/CNA-HRTU-0001/
https://www.microcom360.com/servicio-zeus-web/
https://zeus.microcom.es:4040/

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

11-02-2026 - 15:27

Objavljeno

11-02-2026 - 09:15