2 matches found
CVE-2025-59768 Multiple vulnerabilities in AndSoft's e-TMS
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2025-59767
CVE-2025-59767 : AndSoft e-TMS is vulnerable to a reflected XSS in v25.03. The issue arises from lack of proper input filtering/escaping in parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the endpoint /clt/LOGINFRM_LVE.ASP. An attacker can lure a user to a malicious URL to execute JavaSc...