CVE-2025-13649

An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is not necessary, but the action must be performed who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the...

CVE-2025-13648

An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is required who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the...

CVE-2025-13651 LEAK OF SENSITIVE INFORMATION ON MICROCOM'S ZEUSWEB

Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31...

CVE-2025-13651

Technical details describing affected components, vulnerable functions, or remediation are not publicly provided in the supplied documents. Monitor for updates from vendors and public advisories.

CVE-2025-13650

CVE-2025-13650 describes an XSS vulnerability in ZeusWeb 6.1.31 from Microcom. An attacker who can access the web application can inject arbitrary JavaScript by supplying an XSS payload in the Surname field of the Create Account operation via https://zeus.microcom.es:4040/index.html?zeus6=true. T...

CVE-2025-13649

The CVE concerns ZeusWeb (provider Microcom) version 6.1.31 where an attacker with access to the web app can inject arbitrary JavaScript via an XSS payload in the Email field of the Recover password flow at the URL https://zeus.microcom.es:4040/index.html?zeus6=true. The vulnerability allows XSS ...