CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2025/10/02 3:15 p.m.•1 views

CVE-2025-59755

6.1CVSS5.9AI score

CVE•added 2025/10/02 2:38 p.m.•9 views

CVE-2025-59766

AndSoft e-TMS v25.03 is affected by a reflected XSS vulnerability. The issue arises from lack of proper filtering/escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn within /clt/LOGINFRM_LT.ASP, allowing an attacker to induce JavaScript execution in a victi...

CVE•added 2025/10/02 2:34 p.m.•8 views

CVE-2025-59758

AndSoft e-TMS v25.03 is affected by a reflected XSS vulnerability. The flaw occurs in the /clt/LOGINFRM_CYLOG.ASP endpoint, where user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn can be echoed into the victim’s browser, enabling JavaScript execution via a malicious ...

Vulnrichment•added 2025/10/02 2:27 p.m.•4 views

CVE-2025-59756 Multiple vulnerabilities in AndSoft's e-TMS

5.1CVSS6.1AI score0.00027EPSS

CVE•added 2025/10/02 2:25 p.m.•7 views

CVE-2025-59753

The CVE-2025-59753 entries describe a reflected Cross-Site Scripting (XSS) vulnerability in AndSoft e-TMS v25.03. The issue stems from insufficient filtering/escaping of user-supplied data in parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn within /clt/LOGINFRM_BET.ASP, allowing an attacker ...

Cvelist•added 2025/10/02 2:23 p.m.•3 views

CVE-2025-59749 Multiple vulnerabilities in AndSoft's e-TMS

6.9CVSS0.00027EPSS

Vulnrichment•added 2025/10/02 2:20 p.m.•3 views

CVE-2025-59746 Multiple vulnerabilities in AndSoft's e-TMS

6.9CVSS6.1AI score0.00027EPSS

CVE•added 2025/10/02 2:20 p.m.•7 views

CVE-2025-59746

AndSoft e-TMS v25.03 is affected by a reflected XSS vulnerability. The issue arises from lack of proper filtering/escaping of user data in the m parameter of /lib/asp/alert.asp, allowing an attacker to execute JavaScript in a victim’s browser via a malicious URL. Public documents (NVD/CNVD/CNNVD/...

6.9CVSS6.1AI score0.00027EPSS

CVE•added 2025/10/02 2:16 p.m.•11 views

CVE-2025-59744

AndSoft e-TMS v25.03 suffers a path traversal in the docurl parameter of /lib/asp/DOCSAVEASASP.ASP, due to insufficient filtering of path elements. This allows access to files within the web root. Documented in multiple sources (NVD/CNVD/CNNVD) with no explicit remediation details provided in the...

8.7CVSS6.6AI score0.00079EPSS

NVD•added 2025/10/02 2:15 p.m.•4 views

CVE-2025-59736

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMDJO.ASP'...

9.8CVSS0.00298EPSS

CVE•added 2025/10/02 2:7 p.m.•14 views

CVE-2025-59740

AndSoft e-TMS v25.03 has an OS command injection vulnerability arising from misuse of the m parameter in /clt/LOGINFRM_CAT.ASP. A crafted POST request can lead to execution of operating system commands on the server. Reported across multiple feeds (CNVD/CNNVD/CVELIST-derived notes; PT-SEC) with n...

9.8CVSS7.7AI score0.00298EPSS

Vulnrichment•added 2025/10/02 2:7 p.m.•3 views

CVE-2025-59740 Multiple vulnerabilities in AndSoft's e-TMS

9.3CVSS7.7AI score0.00298EPSS

Cvelist•added 2025/10/02 2:2 p.m.•4 views

CVE-2025-59737 Multiple vulnerabilities in AndSoft's e-TMS

9.3CVSS0.00298EPSS

CVE•added 2025/10/02 1:59 p.m.•10 views

CVE-2025-59735

CVE-2025-59735 concerns an operating system command injection in AndSoft’s e-TMS v25.03. The vulnerability arises from the misuse of the POST parameter m in the endpoint /clt/LOGINFRM.ASP , allowing an attacker to execute OS commands on the server. Reported in multiple feeds, the issue is describ...

9.8CVSS7.7AI score0.00298EPSS

Positive Technologies•added 2025/10/02 12:0 a.m.•3 views

PT-2025-40381

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists that allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...

6.1CVSS6.2AI score0.00027EPSS

Exploits0References3

Positive Technologies•added 2025/10/02 12:0 a.m.•3 views

PT-2025-40377

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute JavaScript code in a victim’s browser by sending a malicious URL. The vulnerability is reflected...

6.1CVSS6AI score0.00027EPSS

Exploits0References3

Positive Technologies•added 2025/10/02 12:0 a.m.•3 views

PT-2025-40392

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists that could allow an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...