
40 vulnerabilities by AndSoft

CVE-2025-59774 (GCVE-0-2025-59774)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:48 – Updated: 2025-10-02 15:40
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. It allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This CVE identifier covers the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_VON.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59774",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:16:38.562591Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:40:55.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_VON.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_VON.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:48:21.842Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59774",
    "datePublished": "2025-10-02T14:48:21.842Z",
    "dateReserved": "2025-09-19T11:43:30.395Z",
    "dateUpdated": "2025-10-02T15:40:55.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59773 (GCVE-0-2025-59773)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:47 – Updated: 2025-10-02 15:41
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. It allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This CVE identifier covers the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_TP.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59773",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:17:01.215072Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:41:03.473Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_TP.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_TP.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:47:52.132Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59773",
    "datePublished": "2025-10-02T14:47:52.132Z",
    "dateReserved": "2025-09-19T11:43:30.395Z",
    "dateUpdated": "2025-10-02T15:41:03.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59772 (GCVE-0-2025-59772)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:46 – Updated: 2025-10-02 15:41
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. It allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This CVE identifier covers the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_SIL.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59772",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:17:14.303065Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:41:11.333Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_SIL.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_SIL.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:46:29.504Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59772",
    "datePublished": "2025-10-02T14:46:29.504Z",
    "dateReserved": "2025-09-19T11:43:30.395Z",
    "dateUpdated": "2025-10-02T15:41:11.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59771 (GCVE-0-2025-59771)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:42 – Updated: 2025-10-02 15:41
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. It allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This CVE identifier covers the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_MRK.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59771",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:17:28.228080Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:41:17.227Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_MRK.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_MRK.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:42:31.892Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59771",
    "datePublished": "2025-10-02T14:42:31.892Z",
    "dateReserved": "2025-09-19T11:43:30.394Z",
    "dateUpdated": "2025-10-02T15:41:17.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59770 (GCVE-0-2025-59770)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:41 – Updated: 2025-10-02 15:41
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. It allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This CVE identifier covers the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_MON.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59770",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:18:10.213573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:41:24.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_MON.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_MON.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:41:43.808Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59770",
    "datePublished": "2025-10-02T14:41:43.808Z",
    "dateReserved": "2025-09-19T11:43:30.394Z",
    "dateUpdated": "2025-10-02T15:41:24.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59769 (GCVE-0-2025-59769)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:39 – Updated: 2025-10-02 15:41
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. It allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This CVE identifier covers the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_MOL.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59769",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:18:21.508728Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:41:31.626Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_MOL.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_MOL.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:39:37.620Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59769",
    "datePublished": "2025-10-02T14:39:37.620Z",
    "dateReserved": "2025-09-19T11:43:30.394Z",
    "dateUpdated": "2025-10-02T15:41:31.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59768 (GCVE-0-2025-59768)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:39 – Updated: 2025-10-02 15:43
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. It allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier covers the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_MNG.ASP'. The record's solutions field states that the vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59768",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:18:41.354260Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:43:05.387Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_MNG.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_MNG.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:39:08.452Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59768",
    "datePublished": "2025-10-02T14:39:08.452Z",
    "dateReserved": "2025-09-19T11:43:30.394Z",
    "dateUpdated": "2025-10-02T15:43:05.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59767 (GCVE-0-2025-59767)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:38 – Updated: 2025-10-02 15:43
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. It allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier covers the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_LVE.ASP'. The record's solutions field states that the vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59767",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:18:55.500467Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:43:13.947Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_LVE.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_LVE.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:38:43.377Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59767",
    "datePublished": "2025-10-02T14:38:43.377Z",
    "dateReserved": "2025-09-19T11:43:30.394Z",
    "dateUpdated": "2025-10-02T15:43:13.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59766 (GCVE-0-2025-59766)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:38 – Updated: 2025-10-02 15:43
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. It allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier covers the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_LT.ASP'. The record's solutions field states that the vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59766",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:19:15.668224Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:43:21.301Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_LT.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_LT.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:38:00.891Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59766",
    "datePublished": "2025-10-02T14:38:00.891Z",
    "dateReserved": "2025-09-19T11:43:30.394Z",
    "dateUpdated": "2025-10-02T15:43:21.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59765 (GCVE-0-2025-59765)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:37 – Updated: 2025-10-02 15:43
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. It allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier covers the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_LF.ASP'. The record's solutions field states that the vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59765",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:19:45.419715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:43:31.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_LF.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_LF.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:37:29.171Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59765",
    "datePublished": "2025-10-02T14:37:29.171Z",
    "dateReserved": "2025-09-19T11:43:30.393Z",
    "dateUpdated": "2025-10-02T15:43:31.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59764 (GCVE-0-2025-59764)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:36 – Updated: 2025-10-02 15:43
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. It allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier covers the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_FCC.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59764",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:19:59.726727Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:43:38.267Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_FCC.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_FCC.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:36:56.961Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59764",
    "datePublished": "2025-10-02T14:36:56.961Z",
    "dateReserved": "2025-09-19T11:43:28.892Z",
    "dateUpdated": "2025-10-02T15:43:38.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59763 (GCVE-0-2025-59763)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:36 – Updated: 2025-10-02 15:43
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier is assigned to the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_EK.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59763",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:20:19.157556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:43:45.355Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_EK.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_EK.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:36:12.640Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59763",
    "datePublished": "2025-10-02T14:36:12.640Z",
    "dateReserved": "2025-09-19T11:43:28.892Z",
    "dateUpdated": "2025-10-02T15:43:45.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59762 (GCVE-0-2025-59762)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:35 – Updated: 2025-10-02 15:43
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier is assigned to the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_DLG.ASP'. Note: the entry for CVE-2025-59761 on this page names the same file, '/clt/LOGINFRM_DLG.ASP'; check the referenced INCIBE advisory to confirm which endpoint each identifier covers.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59762",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:20:29.898891Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:43:52.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_DLG.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_DLG.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:35:39.228Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59762",
    "datePublished": "2025-10-02T14:35:39.228Z",
    "dateReserved": "2025-09-19T11:43:28.892Z",
    "dateUpdated": "2025-10-02T15:43:52.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59761 (GCVE-0-2025-59761)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:35 – Updated: 2025-10-02 15:43
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier is assigned to the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_DLG.ASP'. Note: the entry for CVE-2025-59762 on this page names the same file, '/clt/LOGINFRM_DLG.ASP'; check the referenced INCIBE advisory to confirm which endpoint each identifier covers.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59761",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:20:46.461319Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:43:59.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_DLG.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_DLG.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:35:18.157Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59761",
    "datePublished": "2025-10-02T14:35:18.157Z",
    "dateReserved": "2025-09-19T11:43:28.892Z",
    "dateUpdated": "2025-10-02T15:43:59.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59760 (GCVE-0-2025-59760)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:34 – Updated: 2025-10-02 15:44
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier is assigned to the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_DHL.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59760",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:21:34.373880Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:44:08.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_DHL.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_DHL.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:34:51.879Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59760",
    "datePublished": "2025-10-02T14:34:51.879Z",
    "dateReserved": "2025-09-19T11:43:28.892Z",
    "dateUpdated": "2025-10-02T15:44:08.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59759 (GCVE-0-2025-59759)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:34 – Updated: 2025-10-02 15:44
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier is assigned to the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters in '/clt/LOGINFRM_DELCROIX.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59759",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:21:45.586753Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:44:15.339Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_DELCROIX.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_DELCROIX.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:34:21.531Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59759",
    "datePublished": "2025-10-02T14:34:21.531Z",
    "dateReserved": "2025-09-19T11:43:28.892Z",
    "dateUpdated": "2025-10-02T15:44:15.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59758 (GCVE-0-2025-59758)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:34 – Updated: 2025-10-02 15:44
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier covers the 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_CYLOG.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59758",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:22:02.753160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:44:23.740Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_CYLOG.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_CYLOG.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:34:01.160Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59758",
    "datePublished": "2025-10-02T14:34:01.160Z",
    "dateReserved": "2025-09-19T11:43:28.892Z",
    "dateUpdated": "2025-10-02T15:44:23.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59757 (GCVE-0-2025-59757)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:30 – Updated: 2025-10-02 15:44
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier covers the 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_CATOLD.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:22:33.333191Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:44:30.397Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_CATOLD.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_CATOLD.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:30:15.137Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59757",
    "datePublished": "2025-10-02T14:30:15.137Z",
    "dateReserved": "2025-09-19T11:43:28.892Z",
    "dateUpdated": "2025-10-02T15:44:30.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59756 (GCVE-0-2025-59756)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:27 – Updated: 2025-10-02 15:44
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier covers the 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in 'SuppConn in /clt/LOGINFRM_CON.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59756",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:22:45.750065Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:44:42.774Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027SuppConn in /clt/LOGINFRM_CON.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027SuppConn in /clt/LOGINFRM_CON.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:30:40.153Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59756",
    "datePublished": "2025-10-02T14:27:47.919Z",
    "dateReserved": "2025-09-19T11:43:28.891Z",
    "dateUpdated": "2025-10-02T15:44:42.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59755 (GCVE-0-2025-59755)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:27 – Updated: 2025-10-02 15:44
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier covers the 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_CAT.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59755",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:22:57.357474Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:44:50.454Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_CAT.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_CAT.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:27:24.746Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59755",
    "datePublished": "2025-10-02T14:27:24.746Z",
    "dateReserved": "2025-09-19T11:43:28.891Z",
    "dateUpdated": "2025-10-02T15:44:50.454Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59754 (GCVE-0-2025-59754)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:26 – Updated: 2025-10-02 15:44
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This identifier covers the 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_original.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59754",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:23:09.814706Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:44:57.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_original.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_original.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:31:39.381Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59754",
    "datePublished": "2025-10-02T14:26:56.536Z",
    "dateReserved": "2025-09-19T11:43:20.998Z",
    "dateUpdated": "2025-10-02T15:44:57.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59753 (GCVE-0-2025-59753)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:25 – Updated: 2025-10-02 15:45
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_BET.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59753",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:23:19.763390Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:45:04.460Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_BET.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_BET.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:32:07.696Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59753",
    "datePublished": "2025-10-02T14:25:33.408Z",
    "dateReserved": "2025-09-19T11:43:20.998Z",
    "dateUpdated": "2025-10-02T15:45:04.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59752 (GCVE-0-2025-59752)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:25 – Updated: 2025-10-02 15:45
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LXA.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:23:38.970824Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:45:11.411Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_LXA.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_LXA.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:32:29.089Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59752",
    "datePublished": "2025-10-02T14:25:11.985Z",
    "dateReserved": "2025-09-19T11:43:20.998Z",
    "dateUpdated": "2025-10-02T15:45:11.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59751 (GCVE-0-2025-59751)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:24 – Updated: 2025-10-02 15:45
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DJO.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59751",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:23:50.848343Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:45:18.427Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM_DJO.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM_DJO.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:33:04.426Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59751",
    "datePublished": "2025-10-02T14:24:41.512Z",
    "dateReserved": "2025-09-19T11:43:20.998Z",
    "dateUpdated": "2025-10-02T15:45:18.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59750 (GCVE-0-2025-59750)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:24 – Updated: 2025-10-02 15:45
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59750",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:24:04.998752Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:45:25.335Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u0026nbsp;\u0027/clt/LOGINFRM.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027l, demo, demo2, TNTLOGIN, UO and SuppConn\u0027 parameters in\u00a0\u0027/clt/LOGINFRM.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:33:38.911Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59750",
    "datePublished": "2025-10-02T14:24:15.272Z",
    "dateReserved": "2025-09-19T11:43:20.997Z",
    "dateUpdated": "2025-10-02T15:45:25.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59749 (GCVE-0-2025-59749)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:23 – Updated: 2025-10-02 15:45
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' parameter in '/clt/TRACK_REQUEST.ASP'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59749",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:24:43.753949Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:45:31.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is \u0027l\u0027 parameter in \u0027/clt/TRACK_REQUEST.ASP\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is \u0027l\u0027 parameter in \u0027/clt/TRACK_REQUEST.ASP\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:23:26.679Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59749",
    "datePublished": "2025-10-02T14:23:26.679Z",
    "dateReserved": "2025-09-19T11:43:20.997Z",
    "dateUpdated": "2025-10-02T15:45:31.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59748 (GCVE-0-2025-59748)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:21 – Updated: 2025-10-02 15:45
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This CVE identifier covers the 'l' and 'reset' parameters in '/clt/changepassword.asp'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59748",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:24:58.669244Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:45:37.868Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is \u0027l\u0027 and \u0027reset\u0027 parameters in \u0027/clt/changepassword.asp\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is \u0027l\u0027 and \u0027reset\u0027 parameters in \u0027/clt/changepassword.asp\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:21:53.364Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59748",
    "datePublished": "2025-10-02T14:21:53.364Z",
    "dateReserved": "2025-09-19T11:43:20.997Z",
    "dateUpdated": "2025-10-02T15:45:37.868Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59747 (GCVE-0-2025-59747)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:21 – Updated: 2025-10-02 15:45
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This CVE identifier covers the 'l' parameter in '/clt/resetPassword.asp'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59747",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:25:19.725515Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:45:44.848Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is \u0027l\u0027 parameter in \u0027/clt/resetPassword.asp\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is \u0027l\u0027 parameter in \u0027/clt/resetPassword.asp\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:21:17.682Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59747",
    "datePublished": "2025-10-02T14:21:17.682Z",
    "dateReserved": "2025-09-19T11:43:20.997Z",
    "dateUpdated": "2025-10-02T15:45:44.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59746 (GCVE-0-2025-59746)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:20 – Updated: 2025-10-02 15:46
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. This CVE identifier covers the 'm' parameter in '/lib/asp/alert.asp'.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:25:28.138104Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:46:17.068Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u0026nbsp;The relationship between parameter and assigned identifier is\u0026nbsp;\u0027m\u0027 parameter in \u0027/lib/asp/alert.asp\u0027.\u003cbr\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability reflected in AndSoft\u0027s e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim\u0027s browser by sending them a malicious URL.\u00a0The relationship between parameter and assigned identifier is\u00a0\u0027m\u0027 parameter in \u0027/lib/asp/alert.asp\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:20:51.841Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59746",
    "datePublished": "2025-10-02T14:20:51.841Z",
    "dateReserved": "2025-09-19T11:43:20.997Z",
    "dateUpdated": "2025-10-02T15:46:17.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59745 (GCVE-0-2025-59745)

Vulnerability from cvelistv5 – Published: 2025-10-02 14:18 – Updated: 2025-10-02 15:46
Title
Multiple vulnerabilities in AndSoft's e-TMS
Summary
Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to protect ("encrypt") passwords. MD5 is a cryptographically broken hash algorithm, not an encryption scheme, and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks, and because it is very fast to compute, MD5 password hashes can be easily cracked with modern hardware, exposing user credentials to potential risks.
CWE
  • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
Impacted products
Vendor Product Version
AndSoft e-TMS Affected: v25.03 version
Credits
Maximilian Hildebrand (m10x.de)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59745",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:25:51.276016Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:46:49.054Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "e-TMS",
          "vendor": "AndSoft",
          "versions": [
            {
              "status": "affected",
              "version": "v25.03 version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maximilian Hildebrand (m10x.de)"
        }
      ],
      "datePublic": "2015-10-02T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vulnerability in the cryptographic algorithm of AndSoft\u0027s e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily cracked with modern hardware, exposing user credentials to potential risks.\u003cbr\u003e"
            }
          ],
          "value": "Vulnerability in the cryptographic algorithm of AndSoft\u0027s e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily cracked with modern hardware, exposing user credentials to potential risks."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T14:18:52.916Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010.\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability has been resolved in patches e-TMS VNL 25001 and VNL 25010."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multiple vulnerabilities in AndSoft\u0027s e-TMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-59745",
    "datePublished": "2025-10-02T14:18:52.916Z",
    "dateReserved": "2025-09-19T11:43:20.997Z",
    "dateUpdated": "2025-10-02T15:46:49.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}