CVE-2025-59760 is a reflected Cross-Site Scripting (XSS) vulnerability identified in AndSoft's e-TMS version 25.03, a transportation management system. The vulnerability arises from improper neutralization of input during web page generation, specifically involving the parameters 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' within the '/clt/LOGINFRM_DHL.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript code embedded in these parameters. When a victim accesses this URL, the injected script executes in their browser context, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vulnerability is exploitable remotely without authentication, requiring only user interaction (clicking the malicious link). The CVSS 4.0 base score is 5.1 (medium severity), reflecting network attack vector, low complexity, no privileges required, but requiring user interaction and resulting in limited confidentiality impact. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability is classified under CWE-79, indicating improper input sanitization during dynamic web content generation, a common vector for XSS attacks. Given the nature of e-TMS as a logistics and transportation management platform, exploitation could disrupt business operations or lead to data leakage through compromised user sessions.

For European organizations, especially those in logistics, supply chain management, and transportation sectors using AndSoft e-TMS v25.03, this vulnerability poses a risk of client-side script execution leading to session hijacking or credential theft. This could allow attackers to impersonate legitimate users, access sensitive shipment data, manipulate transportation schedules, or disrupt operational workflows. The reflected XSS could also be leveraged as a stepping stone for phishing campaigns targeting employees or partners, increasing the risk of broader compromise. While the vulnerability does not directly affect server integrity or availability, the confidentiality and integrity of user sessions and data are at risk. Given the critical role of transportation management in European commerce and industry, successful exploitation could cause operational delays, financial losses, and reputational damage. The requirement for user interaction (clicking a malicious link) means social engineering is a likely attack vector, emphasizing the need for user awareness. The absence of known exploits currently reduces immediate risk but does not eliminate the threat, especially as attackers often weaponize such vulnerabilities rapidly after disclosure.

1. Immediate mitigation should include implementing robust input validation and output encoding on the affected parameters ('l', 'demo', 'demo2', 'TNTLOGIN', 'UO', 'SuppConn') in the '/clt/LOGINFRM_DHL.ASP' page to neutralize malicious scripts. 2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing the e-TMS application. 3. Conduct thorough code reviews and penetration testing focused on XSS vectors within the application to identify and remediate similar issues. 4. Educate users on the risks of clicking unsolicited or suspicious links, especially those purporting to be related to logistics or shipment updates. 5. Monitor web server logs for unusual URL patterns that may indicate exploitation attempts. 6. Coordinate with AndSoft for timely patch deployment once available, and apply updates promptly. 7. Consider deploying Web Application Firewalls (WAFs) with rules to detect and block reflected XSS payloads targeting the vulnerable parameters. 8. Implement multi-factor authentication (MFA) to reduce the impact of credential theft resulting from XSS attacks.