CVE-2025-59766 is a reflected Cross-Site Scripting (XSS) vulnerability identified in AndSoft's e-TMS version 25.03. The vulnerability arises from improper neutralization of input during web page generation, specifically involving the parameters 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' within the '/clt/LOGINFRM_LT.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript code embedded in these parameters, which, when visited by a victim, executes in the victim's browser context. This reflected XSS does not require prior authentication or privileges and can be triggered simply by user interaction with a malicious link. The CVSS 4.0 base score is 5.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but requiring user interaction. The impact is primarily on confidentiality and integrity of the victim's session or data accessible via the browser, with limited impact on availability. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability is assigned by INCIBE and publicly disclosed on October 2, 2025.

For European organizations using AndSoft e-TMS v25.03, this vulnerability poses a risk of session hijacking, credential theft, or unauthorized actions performed in the context of the victim's browser session. Since e-TMS is a transport management system, attackers could leverage XSS to steal sensitive logistics or operational data, manipulate user sessions, or conduct phishing campaigns targeting employees. The reflected nature means attackers must entice users to click malicious links, which can be distributed via email or other communication channels. While the vulnerability does not directly compromise backend systems, successful exploitation can lead to lateral movement or further compromise if attackers gain access to user credentials or session tokens. The medium severity indicates a moderate risk, but the operational impact could be significant for organizations relying heavily on e-TMS for supply chain and transport management, especially those with high-value or sensitive logistics data.

1. Immediate mitigation should include implementing input validation and output encoding on all affected parameters ('l', 'demo', 'demo2', 'TNTLOGIN', 'UO', 'SuppConn') within the '/clt/LOGINFRM_LT.ASP' page to neutralize malicious scripts. 2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing the e-TMS application. 3. Educate users to be cautious about clicking unsolicited or suspicious links, especially those purporting to be related to transport or logistics operations. 4. Monitor web server logs for unusual query parameters or repeated attempts to exploit these parameters. 5. Coordinate with AndSoft for timely patch deployment once available, and consider temporary workarounds such as web application firewall (WAF) rules to detect and block malicious payloads targeting these parameters. 6. Review and enhance email filtering to reduce phishing attempts that could deliver malicious URLs exploiting this vulnerability.