Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

#ffb98d57-deaa-4918-a669-5225ccc13e39

Security Advisories

Reported CVEsVendorsProductsReports
4Vulnerabilities found
CVE-2025-13651
Assigner-ffb98d57-deaa-4918-a669-5225ccc13e39
ShareView Details
Assigner-ffb98d57-deaa-4918-a669-5225ccc13e39
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 09:06
Updated-11 Feb, 2026 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LEAK OF SENSITIVE INFORMATION ON MICROCOM'S ZEUSWEB

Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31.

Action-Not Available
Vendor-Microcom
Product-ZeusWeb
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-13650
Assigner-ffb98d57-deaa-4918-a669-5225ccc13e39
ShareView Details
Assigner-ffb98d57-deaa-4918-a669-5225ccc13e39
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 14.30%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 09:05
Updated-11 Feb, 2026 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
REFLECTED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Create Account’ operation at the URL:  https://zeus.microcom.es:4040/index.html?zeus6=true . This issue affects ZeusWeb: 6.1.31.

Action-Not Available
Vendor-Microcom
Product-ZeusWeb
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-13649
Assigner-ffb98d57-deaa-4918-a669-5225ccc13e39
ShareView Details
Assigner-ffb98d57-deaa-4918-a669-5225ccc13e39
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 14.30%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 09:05
Updated-11 Feb, 2026 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
REFLECTED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the ‘Recover password’ section at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true . This issue affects ZeusWeb: 6.1.31.

Action-Not Available
Vendor-Microcom
Product-ZeusWeb
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-13648
Assigner-ffb98d57-deaa-4918-a669-5225ccc13e39
ShareView Details
Assigner-ffb98d57-deaa-4918-a669-5225ccc13e39
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 14.30%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 09:05
Updated-11 Feb, 2026 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
STORED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the URL: https://zeus.microcom.es:4040/administracion-estaciones.html  resulting in a stored XSS. This issue affects ZeusWeb: 6.1.31.

Action-Not Available
Vendor-Microcom
Product-ZeusWeb
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')