CVE-2025-13650
Stored XSS in ZeusWeb 6.1.31 'Surname' Parameter
Publication date: 2026-02-11
Last updated on: 2026-03-20
Assigner: ffb98d57-deaa-4918-a669-5225ccc13e39
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microcom360 | zeusweb | 6.1.31 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-13650 is a reflected Cross-Site Scripting (XSS) vulnerability in the ZeusWeb industrial SCADA solution from Microcom, specifically version 6.1.31.

An attacker who has access to the ZeusWeb web application can inject arbitrary JavaScript code by exploiting the 'Surname' parameter in the 'Create Account' operation at the URL https://zeus.microcom.es:4040/index.html?zeus6=true.

This injection occurs without requiring registration but does require the attacker to perform an action within the application.

The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and involves reflected XSS attacks. [1]
How can this vulnerability impact me?
This vulnerability allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser when interacting with the ZeusWeb application.

Potential impacts include theft of user session tokens, redirection to malicious sites, or performing actions on behalf of the user.

However, the CVSS v4.0 base score of 5.1 indicates a medium severity with low impact on confidentiality and integrity, requiring low privileges and user interaction. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'Surname' parameter in the 'Create Account' operation of the ZeusWeb application for reflected Cross-Site Scripting (XSS) issues.

A practical approach is to send HTTP requests to the URL https://zeus.microcom.es:4040/index.html?zeus6=true with an XSS payload injected into the 'Surname' parameter and observe if the payload is reflected and executed.

For example, you can use curl to send a test request with a simple XSS payload:

- curl -X POST 'https://zeus.microcom.es:4040/index.html?zeus6=true' -d 'Surname=<script>alert(1)</script>&other_parameters=values'

If the response contains the injected script without proper sanitization, the vulnerability is present. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to ensure that the ZeusWeb application is updated to version 6.2.5 or later, as Microcom has released this version to fix the vulnerability.

Since ZeusWeb is cloud-based and managed by Microcom, end users typically do not need to take any update actions because the provider has already deployed the fixed version for all users.

Additionally, as a general best practice, restrict access to the web application to trusted users only and monitor for any suspicious activity involving the 'Create Account' operation. [1]