QwikSec

Security Database

CVE

CWE

Training

CVE-2025-13649

Published: Feb 11, 2026

Modified: Feb 11, 2026

PUBLISHED

Description

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the ‘Recover password’ section at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true . This issue affects ZeusWeb: 6.1.31.

Vendor	Product	Versions
Microcom	ZeusWeb	affected `6.1.31`

Weaknesses (CWE)

References

https://www.hackrtu.com/blog/CNA-HRTU-0001/

technical-description

patch

https://www.hackrtu.com/blog/CNA-CVE-2025-13649/

technical-description

patch

https://zeus.microcom.es:4040/

product

https://www.microcom360.com/servicio-zeus-web/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.