PT-2026-7509 · Microcom · Zeusweb
Published: 2026-02-11 · Updated: 2026-02-11
CVE-2025-13650
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ZeusWeb version 6.1.31
Description
An attacker with access to the ZeusWeb web application can inject arbitrary JavaScript code. This is achieved by injecting an XSS payload into the Surname parameter of the 'Create Account' operation. The vulnerable URL is https://zeus.microcom.es:4040/index.html?zeus6=true. No registration is required to perform this action.
Recommendations
Apply a fix to the Surname parameter input validation in the 'Create Account' operation to prevent the injection of JavaScript code.
Fix
XSS
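The recommendation above, sketched as an added example (not Microcom's fix and not ZeusWeb code): allow-list validation of a surname value, paired with HTML output encoding because legitimate surnames such as O'Brien contain characters that validation cannot reject. The function names, the 64-character limit and the assumption that the surname is later rendered into an HTML table cell are illustrative.

```javascript
// Added example: hypothetical helpers, not part of ZeusWeb.
const MAX_SURNAME_LENGTH = 64; // assumed limit

// Letters and combining marks from any script, joined by single
// internal separators: space, apostrophe (ASCII or typographic), hyphen.
const SURNAME_PATTERN = /^[\p{L}\p{M}]+(?:[ '’-][\p{L}\p{M}]+)*$/u;

// Server-side allow-list check for the Surname parameter.
function validateSurname(input) {
  if (typeof input !== 'string') {
    return { ok: false, reason: 'not a string' };
  }
  const value = input.normalize('NFC').trim();
  if (value.length === 0 || value.length > MAX_SURNAME_LENGTH) {
    return { ok: false, reason: 'bad length' };
  }
  if (!SURNAME_PATTERN.test(value)) {
    return { ok: false, reason: 'disallowed characters' };
  }
  return { ok: true, value };
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode at the point of output, even for values that passed validation.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed rendering context: text content of an HTML table cell.
function renderSurnameCell(surname) {
  return `<td class="surname">${escapeHtml(surname)}</td>`;
}

// Constructed sample inputs (not taken from the advisory).
const samples = ["O'Brien", 'García-López', 'de la Cruz',
  '<script>alert(1)</script>', ''];
for (const s of samples) {
  const result = validateSurname(s);
  const shown = result.ok ? renderSurnameCell(result.value) : result.reason;
  console.log(JSON.stringify(s), '->', shown);
}
```

The encoder covers HTML text and quoted-attribute contexts only; a value placed inside a script block or a URL needs the encoding for that context.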
Weakness Enumeration
Related Identifiers
Affected Products
Zeusweb