Lucene search
K

44 matches found

OSV
OSV
added 2025/10/02 3:15 p.m.7 views

CVE-2025-59757

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

6.1CVSS5.9AI score0.00181EPSS
Exploits0References1
OSV
OSV
added 2025/10/02 3:15 p.m.7 views

CVE-2025-59750

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

6.1CVSS5.9AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 2025/10/02 2:46 p.m.31 views

CVE-2025-59772

AndSoft e-TMS v25.03 is affected by a reflected XSS vulnerability in the /clt/LOGINFRM_SIL.ASP endpoint. The issue arises from lack of proper filtering/escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn, allowing an attacker to execute JavaScript in a vict...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/02 2:38 p.m.3 views

CVE-2025-59767 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

5.1CVSS6.1AI score0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/02 2:37 p.m.9 views

CVE-2025-59765 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

5.1CVSS0.00181EPSS
Exploits0References1
CVE
CVE
added 2025/10/02 2:36 p.m.16 views

CVE-2025-59764

AndSoft e-TMS v25.03 has a reflected XSS vulnerability in the LOGINFRM_FCC.ASP endpoint, caused by insufficient filtering/escaping of user-supplied data in the l, demo, demo2, TNTLOGIN, UO and SuppConn parameters. An attacker can entice a user to visit a crafted URL to execute JavaScript in the v...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/10/02 2:35 p.m.12 views

CVE-2025-59762

CVE-2025-59762 is a reflected XSS in AndSoft e-TMS v25.03. The vulnerability stems from insufficient validation of the parameters l, demo, demo2, TNTLOGIN, UO and SuppConn in /clt/LOGINFRM_DLG.ASP, enabling an attacker to inject JavaScript via a malicious URL. Documented across NVD/CVE records an...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/02 2:30 p.m.12 views

CVE-2025-59757 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

5.1CVSS6.1AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 2025/10/02 2:27 p.m.18 views

CVE-2025-59755

CVE-2025-59755 traces to an XSS in AndSoft e-TMS v25.03. The vulnerability is a reflected XSS caused by lack of proper filtering/escaping for parameters l, demo, demo2, TNTLOGIN, UO, SuppConn in /clt/LOGINFRM_CAT.ASP, enabling JavaScript execution via a malicious URL. Connected reports from CNVD/...

6.9CVSS6.1AI score0.00181EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/10/02 2:26 p.m.16 views

CVE-2025-59754

AndSoft e-TMS v25.03 is affected by an XSS vulnerability that is reflected via the endpoints in file /clt/LOGINFRM_original.ASP. The vulnerability arises from insufficient input filtering/escaping for the parameters l , demo , demo2 , TNTLOGIN , UO , and SuppConn , allowing an attacker to cause J...

6.1CVSS6.1AI score0.00192EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/10/02 2:25 p.m.9 views

CVE-2025-59753 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

5.1CVSS0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/02 2:24 p.m.7 views

CVE-2025-59750 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

5.1CVSS0.00181EPSS
Exploits0References1
OSV
OSV
added 2025/10/02 2:15 p.m.4 views

CVE-2025-59738

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMBET.ASP'...

9.8CVSS5.9AI score0.01416EPSS
Exploits0References1
OSV
OSV
added 2025/10/02 2:15 p.m.6 views

CVE-2025-59736

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMDJO.ASP'...

9.8CVSS6AI score0.01416EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/02 2:3 p.m.4 views

CVE-2025-59739 Multiple vulnerabilities in AndSoft's e-TMS

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in...

9.3CVSS7.7AI score0.01416EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/02 2:2 p.m.6 views

CVE-2025-59737 Multiple vulnerabilities in AndSoft's e-TMS

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMLXA.ASP'...

9.3CVSS7.7AI score0.01416EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.6 views

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.4AI score0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.8 views

PT-2025-40392

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists that could allow an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.10 views

PT-2025-40373

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting XSS issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...

6.1CVSS6.2AI score0.00181EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.11 views

PT-2025-40378

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting XSS issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...

6.1CVSS6.2AI score0.00181EPSS
Exploits0References3
Rows per page
Query Builder