44 matches found
CVE-2025-59757
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2025-59750
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2025-59772
AndSoft e-TMS v25.03 is affected by a reflected XSS vulnerability in the /clt/LOGINFRM_SIL.ASP endpoint. The issue arises from lack of proper filtering/escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn, allowing an attacker to execute JavaScript in a vict...
CVE-2025-59767 Multiple vulnerabilities in AndSoft's e-TMS
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2025-59765 Multiple vulnerabilities in AndSoft's e-TMS
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2025-59764
AndSoft e-TMS v25.03 has a reflected XSS vulnerability in the LOGINFRM_FCC.ASP endpoint, caused by insufficient filtering/escaping of user-supplied data in the l, demo, demo2, TNTLOGIN, UO and SuppConn parameters. An attacker can entice a user to visit a crafted URL to execute JavaScript in the v...
CVE-2025-59762
CVE-2025-59762 is a reflected XSS in AndSoft e-TMS v25.03. The vulnerability stems from insufficient validation of the parameters l, demo, demo2, TNTLOGIN, UO and SuppConn in /clt/LOGINFRM_DLG.ASP, enabling an attacker to inject JavaScript via a malicious URL. Documented across NVD/CVE records an...
CVE-2025-59757 Multiple vulnerabilities in AndSoft's e-TMS
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2025-59755
CVE-2025-59755 traces to an XSS in AndSoft e-TMS v25.03. The vulnerability is a reflected XSS caused by lack of proper filtering/escaping for parameters l, demo, demo2, TNTLOGIN, UO, SuppConn in /clt/LOGINFRM_CAT.ASP, enabling JavaScript execution via a malicious URL. Connected reports from CNVD/...
CVE-2025-59754
AndSoft e-TMS v25.03 is affected by an XSS vulnerability that is reflected via the endpoints in file /clt/LOGINFRM_original.ASP. The vulnerability arises from insufficient input filtering/escaping for the parameters l , demo , demo2 , TNTLOGIN , UO , and SuppConn , allowing an attacker to cause J...
CVE-2025-59753 Multiple vulnerabilities in AndSoft's e-TMS
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2025-59750 Multiple vulnerabilities in AndSoft's e-TMS
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2025-59738
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMBET.ASP'...
CVE-2025-59736
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMDJO.ASP'...
CVE-2025-59739 Multiple vulnerabilities in AndSoft's e-TMS
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in...
CVE-2025-59737 Multiple vulnerabilities in AndSoft's e-TMS
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMLXA.ASP'...
AndSoft e-TMS 跨站脚本漏洞
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
PT-2025-40392
Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists that could allow an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...
PT-2025-40373
Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting XSS issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...
PT-2025-40378
Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting XSS issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...