PT-2026-7509 · Microcom · Zeusweb
Published: 2026-02-11 · Updated: 2026-02-11 · CVE-2025-13650
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ZeusWeb version 6.1.31
Description
An attacker with access to the ZeusWeb web application can inject arbitrary JavaScript code. This is achieved by injecting an XSS payload into the Surname parameter of the ‘Create Account’ operation. The vulnerable URL is https://zeus.microcom.es:4040/index.html?zeus6=true. No registration is required to perform this action.
Recommendations
Apply a fix to the Surname parameter input validation in the ‘Create Account’ operation to prevent the injection of JavaScript code.
Fix
XSS
Affected Products
Zeusweb
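
One way to implement the Surname input validation called for under Recommendations, paired with HTML output encoding at render time, shown as an added example that is not Microcom's fix or ZeusWeb code. The function names, the 64-character limit and the allowed character set are assumptions.

```javascript
// Added example: hypothetical helpers, not taken from ZeusWeb.
const SURNAME_MAX = 64; // assumed length limit

// Allowlist: starts with a letter (any script) or combining mark, then
// letters, marks, space, period, apostrophe or hyphen. Angle brackets,
// quotes, '=', '/', and parentheses are all outside the set.
const SURNAME_RE = /^[\p{L}\p{M}][\p{L}\p{M} .'’-]*$/u;

// Server-side check applied to the 'Create Account' Surname field
// before the value is stored or echoed anywhere.
function validateSurname(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  const value = raw.normalize("NFC").trim();
  if (value.length === 0) return { ok: false, reason: "empty" };
  if (value.length > SURNAME_MAX) return { ok: false, reason: "too long" };
  if (!SURNAME_RE.test(value)) {
    return { ok: false, reason: "disallowed character" };
  }
  return { ok: true, value };
}

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Output encoding for HTML text and quoted-attribute contexts. Needed even
// with validation, because the allowlist permits the apostrophe.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Renders a stored surname into markup; the value is always encoded.
function renderSurnameCell(surname) {
  return `<td class="surname">${escapeHtml(surname)}</td>`;
}

// Constructed sample inputs (not taken from the advisory).
for (const s of ["García-López", "O'Connor", "<script>alert(1)</script>"]) {
  const r = validateSurname(s);
  console.log(r.ok ? renderSurnameCell(r.value) : `rejected: ${r.reason}`);
}
```

Validation rejects markup at account creation; encoding at render time covers values that reach the page by any other path, such as records stored before the check existed.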