CVE-2025-59751

6.1 MEDIUM

📋 TL;DR

This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 allows attackers to inject malicious JavaScript via specially crafted URLs in which the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' or 'SuppConn' parameters carry script content. When a victim opens such a link, the injected script runs in the victim's browser session. Organizations running the vulnerable e-TMS version are affected.

💻 Affected Systems

Products:
  • AndSoft e-TMS
Versions: v25.03
Operating Systems: Windows (ASP-based application)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the '/clt/LOGINFRM_DJO.ASP' endpoint with specific parameters.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on victim systems.

🟠 Likely Case

Session hijacking, credential theft, and unauthorized actions within the e-TMS application using stolen authentication tokens.

🟢 If Mitigated

Limited impact if proper input validation, output encoding, and Content Security Policy are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS typically requires user interaction (the victim must open the crafted link) but has low technical complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms

Restart Required: No

Instructions:

1. Contact AndSoft vendor for patch availability.
2. Apply vendor-provided security update.
3. Test in non-production environment first.

🔧 Temporary Workarounds

Input Validation Filter (platform: windows)

Implement server-side input validation for the affected parameters (l, demo, demo2, TNTLOGIN, UO, SuppConn) so that values containing script content are rejected, and HTML-encode any parameter value that is reflected into the page.

[ASP code implementation required - no universal command]

Web Application Firewall (WAF) (platform: all)

Deploy WAF rules to block XSS payloads targeting the vulnerable endpoint.

[WAF-specific configuration required]

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution
  • Deploy network segmentation to limit access to vulnerable system

🔍 How to Verify

Check if Vulnerable:

Send XSS test payloads to the '/clt/LOGINFRM_DJO.ASP' endpoint in the affected parameters and check whether they are reflected into the response and execute.

Check Version:

Check application version in interface or configuration files

Verify Fix Applied:

Retest with same XSS payloads after remediation; payloads should be sanitized or blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual parameter values in '/clt/LOGINFRM_DJO.ASP' requests
  • JavaScript patterns in URL parameters

Network Indicators:

  • HTTP requests containing script tags or JavaScript in vulnerable parameters

SIEM Query (field names are generic; map web.url and web.param to your SIEM's schema):

web.url:*LOGINFRM_DJO.ASP* AND (web.param:*<script* OR web.param:*javascript:* OR web.param:*onerror=*)
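As an added example (not from the advisory or from AndSoft), a small Python log scanner that implements the log and network indicators above: it flags requests to the affected endpoint whose listed parameters carry the same XSS patterns as the SIEM query, matching after URL-decoding so percent-encoded and double-encoded values are not missed. The combined-format log lines are constructed sample data, not real traffic.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint and parameter names as listed in the advisory.
VULN_PATH = "/clt/LOGINFRM_DJO.ASP"
VULN_PARAMS = {"l", "demo", "demo2", "tntlogin", "uo", "suppconn"}  # lower-cased

# Same indicators as the SIEM query; applied to the decoded value.
XSS_INDICATORS = re.compile(r"<script|javascript:|onerror=", re.IGNORECASE)

# Common/combined log format: client IP first, request line in quotes.
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)"')


def suspicious_params(request_line: str) -> list:
    """Names of affected parameters whose decoded value carries an XSS indicator."""
    try:
        _method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return []
    parts = urlsplit(target)
    if parts.path.lower() != VULN_PATH.lower():  # IIS paths are case-insensitive
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; unquote again to catch double encoding
        if name.lower() in VULN_PARAMS and XSS_INDICATORS.search(unquote(value)):
            hits.append(name)
    return hits


def scan_log(log_text: str) -> list:
    """Return (client_ip, [flagged parameters]) for every suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and (hits := suspicious_params(m.group("request"))):
            findings.append((m.group("ip"), hits))
    return findings


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [24/Sep/2025:10:01:02 +0200] "GET /clt/LOGINFRM_DJO.ASP?l=en&UO=acme HTTP/1.1" 200 1234
203.0.113.9 - - [24/Sep/2025:10:02:17 +0200] "GET /clt/LOGINFRM_DJO.ASP?l=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1290
203.0.113.9 - - [24/Sep/2025:10:02:31 +0200] "GET /clt/loginfrm_djo.asp?demo2=x%2522%2520onerror%253Dalert(1) HTTP/1.1" 200 1290
198.51.100.2 - - [24/Sep/2025:10:03:40 +0200] "GET /other.asp?l=%3Cscript%3E HTTP/1.1" 404 0
"""
```

Running `scan_log(SAMPLE_LOG)` reports the second and third lines (parameters `l` and `demo2`) and ignores the benign request and the request to another endpoint.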
