CVE-2025-59750

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVE-2025-59750

AndSoft e-TMS (v25.03) suffers a reflected XSS in the login endpoint /clt/LOGINFRM.ASP. The vulnerability arises from lack of proper filtering/escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn, enabling an attacker to craft a URL that executes JavaScript ...

CVE-2025-59750 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

PT-2025-40355

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description An operating system command injection issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is triggered by sending a POST...