Cross-Site Scripting Vulnerability in AndSoft's e-TMS Application
CVE-2025-59767

5.1MEDIUM

Key Information:

Vendor

Andsoft

Status
E-tms
Vendor
CVE Published:
2 October 2025

What is CVE-2025-59767?

A cross-site scripting vulnerability exists in AndSoft's e-TMS version 25.03, enabling attackers to execute arbitrary JavaScript code in the browsers of users who click on carefully crafted malicious URLs. This flaw is related to specific parameters such as 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' in the '/clt/LOGINFRM_LVE.ASP' endpoint. As a result, this vulnerability poses significant risks, allowing for potential data exposure and user impersonation, necessitating immediate attention from affected users.

Affected Version(s)

e-TMS v25.03 version

References

https://www.incibe.es/en/incibe-cert/notices/aviso/update...

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maximilian Hildebrand (m10x.de)
JSON
.
CVE-2025-59767 : Cross-Site Scripting Vulnerability in AndSoft's e-TMS Application