2 matches found
CVE-2025-59735
CVE-2025-59735 concerns an operating system command injection in AndSoft’s e-TMS v25.03. The vulnerability arises from the misuse of the POST parameter m in the endpoint /clt/LOGINFRM.ASP , allowing an attacker to execute OS commands on the server. Reported in multiple feeds, the issue is describ...
PT-2025-40377
Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute JavaScript code in a victim’s browser by sending a malicious URL. The vulnerability is reflected...