Volerion logoVolerion
Volerion logoVolerion

AndSoft e-TMS Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in AndSoft's e-TMS version 25.03. This issue allows an attacker to execute JavaScript in the victim's browser by sending a malicious URL. The vulnerability is associated with the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' parameters in '/clt/LOGINFRM_MOL.ASP'.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute arbitrary JavaScript in the context of the victim's browser.

Reproduction

To reproduce this vulnerability, send a request to '/clt/LOGINFRM_MOL.ASP' with a crafted URL that includes the vulnerable parameters. The JavaScript code included in the URL will be executed in the victim's browser.

Remediation

Users can update to AndSoft e-TMS version 25.04, where this vulnerability has been fixed. For versions 25.01 and 25.10, patches are also available.

Added: Oct 2, 2025, 3:22 PM
Updated: Oct 2, 2025, 7:30 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
1.7
exploitability
6.7
remediation
0.0
relevance
0.6
threat
1.6
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.