Skip to main content

Zeusweb

4 CVEs product

Monthly

CVE-2025-13651 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data.

Information Disclosure Zeusweb
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-13650 MEDIUM This Month

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Create Account’ operation at the URL:  https://zeus.microcom.es:4040/index.html?zeus6=true .

XSS Zeusweb
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-13649 MEDIUM This Month

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the ‘Recover password’ section at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true .

XSS Zeusweb
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-13648 MEDIUM This Month

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the URL: https://zeus.microcom.es:4040/administracion-estaciones.html  resulting in a stored XSS.

XSS Zeusweb
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
EPSS 0% CVSS 6.9
MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data.

Information Disclosure Zeusweb
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Create Account’ operation at the URL:  https://zeus.microcom.es:4040/index.html?zeus6=true .

XSS Zeusweb
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the ‘Recover password’ section at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true .

XSS Zeusweb
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the URL: https://zeus.microcom.es:4040/administracion-estaciones.html  resulting in a stored XSS.

XSS Zeusweb
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy