CVE Vulnerability Details: CVE-2025-13650
PUBLISHED
Assigner: HackRTU
Assigner Org ID: ffb98d57-deaa-4918-a669-5225ccc13e39
Published At: 11 Feb, 2026 | 09:05
Updated At: 11 Feb, 2026 | 15:44
▼CVE Numbering Authority (CNA)
REFLECTED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB

An attacker with access to a vulnerable instance of the ZeusWeb web application from the provider Microcom (in this case, registration is not necessary, but the action must be performed) could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Create Account’ operation at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true. This issue affects ZeusWeb: 6.1.31.

Affected Products
Vendor: Microcom
Product: ZeusWeb
Default Status: unknown
Versions
Affected
  • 6.1.31
Problem Types
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Metrics
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Impacts
CAPEC ID: CAPEC-63
Description: CAPEC-63 Cross-Site Scripting (XSS)
CAPEC ID: CAPEC-591
Description: CAPEC-591 Reflected XSS
Solutions

The provider has implemented the new version 6.2.5, which solves the security problems detected in the previous version. The end user does not need to perform any update actions, as the software is cloud-based and managed by the provider, who has implemented the new version for all users.

Credits

finder: Aarón Flecha Menéndez
finder: Víctor Bello Cuevas
Timeline
Event: Vulnerability detection by the researchers
Date: 2025-11-06 11:00:00
Event: Report from researchers to the CNA of HackRTU
Date: 2025-11-11 11:00:00
Event: Report from HackRTU CNA to the provider
Date: 2025-11-12 15:00:00
Event: Vulnerabilities published by HackRTU's CNA
Date: 2026-02-11 09:10:00
References
Hyperlink: https://www.hackrtu.com/blog/CNA-HRTU-0001/
Resource: technical-description, patch
Hyperlink: https://www.hackrtu.com/blog/CNA-CVE-2025-13650/
Resource: technical-description, patch
Hyperlink: https://www.microcom360.com/servicio-zeus-web/
Resource: product
Hyperlink: https://zeus.microcom.es:4040/
Resource: product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment