CVE-2025-59772: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in AndSoft e-TMS
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_SIL.ASP'.
CVE-2025-59772: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in AndSoft e-TMS
Description
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_SIL.ASP'.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- INCIBE
- Date Reserved
- 2025-09-19T11:43:30.395Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68de921a9b49700e4c2875f8
Added to database: 10/2/2025, 2:54:18 PM
Last updated: 10/2/2025, 2:54:18 PM
Views: 1
Related Threats
CVE-2025-59774: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in AndSoft e-TMS
MediumCVE-2025-59773: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in AndSoft e-TMS
MediumCVE-2025-61087: n/a
MediumCVE-2025-59771: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in AndSoft e-TMS
MediumCVE-2025-59770: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in AndSoft e-TMS
MediumActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.