21 matches found
CVE-2025-63737
Cross-site scripting XSS vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint...
CVE-2025-63229
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains a reflected Cross-Site Scripting XSS vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary code in the victim's...
PT-2025-47411
Name of the Vulnerable Software and Affected Versions Mozart FM Transmitter version WEBMOZZI-00287 Description The Mozart FM Transmitter web management interface is susceptible to a reflected Cross-Site Scripting XSS issue. An attacker can inject a malicious JavaScript payload into the ?m= query...
CVE-2025-63229
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains a reflected Cross-Site Scripting XSS vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary code in the victim's...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23536)
AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which originates from the lack of effective filtering and escaping of user-supplied data by parameter m in file /lib/asp/alert.asp, and can be exploited by an attacke...
AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23542)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of the parameter m in the file /clt/LOGINFRMBET.ASP, which can be exploited by an attacker to execute operating system...
AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23540)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of parameter m in file /clt/LOGINFRMDJO.ASP, which can be exploited by an attacker to execute operating system commands...
AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23563)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of parameter m in file /clt/LOGINFRMoriginal.ASP, which can be exploited by an attacker to execute operating system...
EUVD-2025-32137
Malicious code in bioql PyPI...
CVE-2025-59739
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in...
CVE-2025-59740
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMCAT.ASP'...
CVE-2025-59738
AndSoft e-TMS v25.03 contains an OS command-injection vulnerability. The flaw originates from the misuse of the m parameter in the /clt/LOGINFRM_BET.ASP endpoint, exploitable via a POST request to run operating-system commands on the server. Public advisories (NVD, CNVD/CNNVD, CIRCL/CVE) confirm ...
CVE-2025-59736 Multiple vulnerabilities in AndSoft's e-TMS
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMDJO.ASP'...
CVE-2025-59735
CVE-2025-59735 concerns an operating system command injection in AndSoft’s e-TMS v25.03. The vulnerability arises from the misuse of the POST parameter m in the endpoint /clt/LOGINFRM.ASP , allowing an attacker to execute OS commands on the server. Reported in multiple feeds, the issue is describ...
AndSoft e-TMS 跨站脚本漏洞
AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which originates from the lack of effective filtering and escaping of user-supplied data by parameter m in file /lib/asp/alert.asp, and can be exploited by an attacke...
AndSoft e-TMS 命令注入漏洞
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of parameter m in file /clt/LOGINFRMDJO.ASP, which can be exploited by an attacker to execute operating system commands...
AndSoft e-TMS 命令注入漏洞
AndSoft e-TMS is a logistics management software from the Spanish company AndSoft. A command injection vulnerability exists in AndSoft e-TMS version v25.03, which originates from the incorrect operation of parameter m in file /clt/LOGINFRM.ASP, and could lead to an operating system command...
PT-2025-40356
Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description An operating system command injection issue exists in AndSoft's e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is triggered by sending a POST...
AndSoft e-TMS 命令注入漏洞
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from improper manipulation of parameter m. An attacker can exploit this vulnerability by sending a POST request to execute an operati...
AndSoft e-TMS 命令注入漏洞
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability, which is due to program misuse of parameter m in file /CLT/LOGINERRORFRM.ASP, and can be exploited by an attacker to execute operating system comman...