{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T15:49:37.208","vulnerabilities":[{"cve":{"id":"CVE-2025-13648","sourceIdentifier":"ffb98d57-deaa-4918-a669-5225ccc13e39","published":"2026-02-11T09:15:49.793","lastModified":"2026-03-17T20:22:55.103","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker with access to the web application ZeusWeb of the provider Microcom\n\n (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the URL:  https://zeus.microcom.es:4040/administracion-estaciones.html  resulting in a stored XSS.\nThis issue affects ZeusWeb: 6.1.31."},{"lang":"es","value":"Un atacante con acceso a la aplicación web ZeusWeb del proveedor Microcom (en este caso, se requiere registro) que tiene el software vulnerable podría introducir JavaScript arbitrario inyectando una carga útil de XSS en los parámetros 'Name' y 'Surname' dentro de la sección 'My Account' en la URL: https://zeus.microcom.es:4040/administracion-estaciones.html lo que resultaría en un XSS almacenado.\nEste problema afecta a ZeusWeb: 6.1.31."}],"metrics":{"cvssMetricV40":[{"source":"ffb98d57-deaa-4918-a669-5225ccc13e39","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"ffb98d57-deaa-4918-a669-5225ccc13e39","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microcom360:zeusweb:6.1.31:*:*:*:*:*:*:*","matchCriteriaId":"F47C892A-012D-4BFD-8C7A-36F2AA3E34B8"}]}]}],"references":[{"url":"https://www.hackrtu.com/blog/CNA-CVE-2025-13648/","source":"ffb98d57-deaa-4918-a669-5225ccc13e39","tags":["Third Party Advisory"]},{"url":"https://www.hackrtu.com/blog/CNA-HRTU-0001/","source":"ffb98d57-deaa-4918-a669-5225ccc13e39","tags":["Third Party Advisory"]},{"url":"https://www.microcom360.com/servicio-zeus-web/","source":"ffb98d57-deaa-4918-a669-5225ccc13e39","tags":["Product"]},{"url":"https://zeus.microcom.es:4040/","source":"ffb98d57-deaa-4918-a669-5225ccc13e39","tags":["Permissions Required"]}]}}]}