CNNVD-202510-320 Information

CNNVD ID

CNNVD-202510-320

Related CVE

CVE-2025-59752

• CNNVD Published: 2025-10-02

Description (Chinese)

AndSoft e-TMS是西班牙AndSoft公司的一款物流管理软件。 AndSoft e-TMS v25.03版本存在跨站脚本漏洞，该漏洞源于对文件/clt/LOGINFRM_LXA.ASP中参数l、demo、demo2、TNTLOGIN、UO和SuppConn的输入验证不足，可能导致反射型跨站脚本攻击。

Description (English)

AndSoft e-TMS is a logistics management software for AndSoft in Spain. AndSoft e-TMS v25.03 has a cross-site script loophole, which results from inadequate input verification of the parameters l, demo, demo, demo2, TNTLOGIN, UO and SuppConn in the document/clt/LOGINFRM LXA.ASP, which may result in a cross-script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

AndSoft

Published

2025-10-02

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms

Patch

https://andsoft.es/es/solucio-1/menu-1/caracteristicas.html