CVE-2025-13650

An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is not necessary, but the action must be performed who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Creat...

CVE-2025-13650 REFLECTED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB

An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is not necessary, but the action must be performed who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Creat...

CVE-2025-13650

CVE-2025-13650 describes an XSS vulnerability in ZeusWeb 6.1.31 from Microcom. An attacker who can access the web application can inject arbitrary JavaScript by supplying an XSS payload in the Surname field of the Create Account operation via https://zeus.microcom.es:4040/index.html?zeus6=true. T...

CVE-2025-13648

CVE-2025-13648 describes a stored XSS in ZeusWeb 6.1.31 from Microcom. An attacker with access to the web application can inject arbitrary JavaScript by submitting an XSS payload into the Name and Surname fields in the My Account section at https://zeus.microcom.es:4040/administracion-estaciones....

Microcom ZeusWeb 安全漏洞

Microcom ZeusWeb is a remote monitoring platform developed by the Spanish company Microcom. Version 6.1.31 of Microcom ZeusWeb contains a security vulnerability. This vulnerability stems from the injection of XSS payloads into the Surname parameter during the Create Account operation, which may...

CVE-2014-4033

Cross-site scripting XSS vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2021-30211

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter...

eFront 3.6.14.4 (surname param) - Persistent XSS Vulnerability

No description provided by source. ? Exploit Title: Persistent Cross Site Scripting Vulnerability in eFront 3.6.14.4 Date: 05 June 2014 Exploit Author: shyamkumar somana Vendor Homepage: http://www.efrontlearning.net Software Link:...

CVE-2014-4033

Cross-site scripting XSS vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php...

Cross site scripting

Cross-site scripting XSS vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php...

eFront 3.6.14.4 - 'surname' Persistent Cross-Site Scripting

​ Exploit Title: Persistent Cross Site Scripting Vulnerability in eFront 3.6.14.4 Date: 05 June 2014 Exploit Author: shyamkumar somana Vendor Homepage: http://www.efrontlearning.net Software Link: https://sourceforge.net/projects/efrontlearning/files/latest/download Version: 3.6.14.4 Tested on:...

eFront 3.6.14.4 (surname param) - Persistent XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: Persistent Cross Site Scripting Vulnerability in eFront 3.6.14.4 Date: 05 June 2014 Exploit Author: shyamkumar somana Vendor Homepage: http://www.efrontlearning.net Software Link:...