CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-13649

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the ‘Recover password’ section at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true . This issue affects ZeusWeb: 6.1.31.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.9%

CVSS Severity

CVSS v3 Score 6.1

References

https://www.hackrtu.com/blog/CNA-CVE-2025-13649/
https://www.hackrtu.com/blog/CNA-HRTU-0001/
https://www.microcom360.com/servicio-zeus-web/
https://zeus.microcom.es:4040/

Products affected by CVE-2025-13649

Microcom360 » Zeusweb » Version: 6.1.31

cpe:2.3:a:microcom360:zeusweb:6.1.31

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13649

Products

Pricing

Contact Us