EUVD-2025-32139

Malicious code in bioql PyPI...

CVE-2025-59767

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVE-2025-59755

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVE-2025-59766

AndSoft e-TMS v25.03 is affected by a reflected XSS vulnerability. The issue arises from lack of proper filtering/escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn within /clt/LOGINFRM_LT.ASP, allowing an attacker to induce JavaScript execution in a victi...

CVE-2025-59758

AndSoft e-TMS v25.03 is affected by a reflected XSS vulnerability. The flaw occurs in the /clt/LOGINFRM_CYLOG.ASP endpoint, where user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn can be echoed into the victim’s browser, enabling JavaScript execution via a malicious ...

CVE-2025-59756 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVE-2025-59753

The CVE-2025-59753 entries describe a reflected Cross-Site Scripting (XSS) vulnerability in AndSoft e-TMS v25.03. The issue stems from insufficient filtering/escaping of user-supplied data in parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn within /clt/LOGINFRM_BET.ASP, allowing an attacker ...

CVE-2025-59749 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' parameter in...

CVE-2025-59746 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'm' parameter in '/lib/asp/alert.asp'...

CVE-2025-59746

AndSoft e-TMS v25.03 is affected by a reflected XSS vulnerability. The issue arises from lack of proper filtering/escaping of user data in the m parameter of /lib/asp/alert.asp, allowing an attacker to execute JavaScript in a victim’s browser via a malicious URL. Public documents (NVD/CNVD/CNNVD/...

CVE-2025-59744

AndSoft e-TMS v25.03 suffers a path traversal in the docurl parameter of /lib/asp/DOCSAVEASASP.ASP, due to insufficient filtering of path elements. This allows access to files within the web root. Documented in multiple sources (NVD/CNVD/CNNVD) with no explicit remediation details provided in the...

CVE-2025-59736

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMDJO.ASP'...

CVE-2025-59740

AndSoft e-TMS v25.03 has an OS command injection vulnerability arising from misuse of the m parameter in /clt/LOGINFRM_CAT.ASP. A crafted POST request can lead to execution of operating system commands on the server. Reported across multiple feeds (CNVD/CNNVD/CVELIST-derived notes; PT-SEC) with n...

CVE-2025-59740 Multiple vulnerabilities in AndSoft's e-TMS

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMCAT.ASP'...

CVE-2025-59737 Multiple vulnerabilities in AndSoft's e-TMS

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMLXA.ASP'...

CVE-2025-59735

CVE-2025-59735 concerns an operating system command injection in AndSoft’s e-TMS v25.03. The vulnerability arises from the misuse of the POST parameter m in the endpoint /clt/LOGINFRM.ASP , allowing an attacker to execute OS commands on the server. Reported in multiple feeds, the issue is describ...

PT-2025-40381

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists that allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...

PT-2025-40377

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute JavaScript code in a victim’s browser by sending a malicious URL. The vulnerability is reflected...

PT-2025-40392

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists that could allow an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...

PT-2025-40374

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists that allows an attacker to execute JavaScript code in a user's browser. This is achieved by sending a malicious URL to a victim. The vulnerability is reflected in the...