CVE: CVE-2025-13648 Severity: Medium Affected Solution: ZeusWeb from MICROCOM - Provider: MICROCOM - Specific Model: ZeusWeb - Affected Firmware Version: 6.1.31 Vulnerability Type: Stored Cross-Site Scripting (XSS) - CVSS v4.0 Score: 6.9 (Medium) - CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/Vl:L/VA:N/SC:N/SI:N/SA:N - CWE: 79 (Improper Neutralization of Input During Web Page Generation) - CAPEC: 63 (Cross-Site Scripting) Vulnerability Description: An attacker with access to the web application ZeusWeb can inject malicious JavaScript through the 'Name' and 'Surname' parameters, leading to a stored XSS. Mitigation: MICROCOM has released version 6.2.5, which addresses this vulnerability. No action is required by the end user as the software is cloud-based.