ByteOS Network

NVD Vulnerability Details :

CVE-2025-13648

Awaiting Analysis

Source-ffb98d57-deaa-4918-a669-5225ccc13e39

Published At-11 Feb, 2026 | 09:15

Updated At-11 Feb, 2026 | 15:27

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the URL: https://zeus.microcom.es:4040/administracion-estaciones.html resulting in a stored XSS. This issue affects ZeusWeb: 6.1.31.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	4.8	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	ffb98d57-deaa-4918-a669-5225ccc13e39

CWE ID: CWE-79

Type: Secondary

Source: ffb98d57-deaa-4918-a669-5225ccc13e39

References

Hyperlink	Source	Resource
https://www.hackrtu.com/blog/CNA-CVE-2025-13648/	ffb98d57-deaa-4918-a669-5225ccc13e39	N/A
https://www.hackrtu.com/blog/CNA-HRTU-0001/	ffb98d57-deaa-4918-a669-5225ccc13e39	N/A
https://www.microcom360.com/servicio-zeus-web/	ffb98d57-deaa-4918-a669-5225ccc13e39	N/A
https://zeus.microcom.es:4040/	ffb98d57-deaa-4918-a669-5225ccc13e39	N/A