Maximilian Hildebrand

**Name of the Vulnerable Software and Affected Versions** Kieback & Peter DDC building controllers (affected versions not specified) **Description** Cross-site scripting (XSS) allows JavaScript to be executed by the victim's browser, enabling an attacker to control the browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** A cross-site scripting issue exists that allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the `/clt/LOGINFRM DHL.ASP` endpoint, specifically through the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters. **Recommendations** Apply updates to address the issue in AndSoft e-TMS version 25.03.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** An operating system command injection issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is exploitable by sending a POST request to the '/clt/LOGINFRM LXA.ASP' endpoint with a malicious payload in the `m` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** A cross-site scripting (XSS) issue exists that allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the `/clt/LOGINFRM DJO.ASP` endpoint and involves the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** A cross-site scripting issue exists that allows an attacker to execute JavaScript code in a user's browser. This is achieved by sending a malicious URL to a victim. The vulnerability is reflected in the `/clt/LOGINFRM BET.ASP` endpoint, specifically through the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters in the `/clt/LOGINFRM BET.ASP` endpoint to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** A cross-site scripting issue exists that could allow an attacker to execute JavaScript code in a user's browser. This is achieved by sending a malicious URL to a victim. The vulnerability is reflected in the `/clt/LOGINFRM DELCROIX.ASP` endpoint, specifically through the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters in the `/clt/LOGINFRM DELCROIX.ASP` endpoint to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** A cross-site scripting (XSS) issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the `/clt/LOGINFRM LXA.ASP` endpoint and involves the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters. **Recommendations** Apply a fix for AndSoft e-TMS version 25.03 to address the cross-site scripting issue. As a temporary workaround, sanitize the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters in the `/clt/LOGINFRM LXA.ASP` endpoint to prevent the injection of malicious JavaScript code.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** A cross-site scripting (XSS) issue exists that allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected through the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters in the '/clt/LOGINFRM CAT.ASP' API endpoint. **Recommendations** Apply input validation and output encoding to the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters in the '/clt/LOGINFRM CAT.ASP' endpoint.

**Name of the Vulnerable Software and Affected Versions** AndSoft's e-TMS version 25.03 **Description** An operating system command injection issue exists in AndSoft's e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is exploitable by sending a POST request to the '/clt/LOGINFRM original.ASP' endpoint with a malicious payload in the `m` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** An operating system command injection issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is triggered by sending a POST request to the `/clt/LOGINFRM CAT.ASP` endpoint, specifically through the `m` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AndSoft's e-TMS version 25.03 **Description** An operating system command injection issue exists that allows an attacker to execute operating system commands on the server. This is achieved by sending a POST request to the `/CLT/LOGINERRORFRM.ASP` endpoint, utilizing the `m` parameter. **Recommendations** Apply a fix or patch to address the vulnerability in the `m` parameter of the `/CLT/LOGINERRORFRM.ASP` endpoint.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** An operating system command injection issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is triggered by sending a POST request to the `/clt/LOGINFRM.ASP` API endpoint, specifically through the `m` parameter. **Recommendations** Apply a fix for AndSoft e-TMS version 25.03 to address the command injection issue.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** An operating system command injection issue exists in AndSoft's e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is triggered by sending a POST request to the `/clt/LOGINFRM DJO.ASP` endpoint, exploiting the `m` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** A cross-site scripting (XSS) issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the `/clt/LOGINFRM CYLOG.ASP` API endpoint, specifically through the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters. **Recommendations** Apply a fix for AndSoft e-TMS version 25.03 to address the cross-site scripting issue. As a temporary workaround, sanitize all input received through the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters in the `/clt/LOGINFRM CYLOG.ASP` endpoint.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** A cross-site scripting issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute JavaScript code in a victim’s browser by sending a malicious URL. The vulnerability is reflected through the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters within the '/clt/LOGINFRM CON.ASP' file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** A cross-site scripting issue exists that allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the `/clt/LOGINFRM.ASP` endpoint, specifically through the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all input received through the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters in the `/clt/LOGINFRM.ASP` endpoint.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** An operating system command injection issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is triggered by sending a POST request to the ''/clt/LOGINFRM BET.ASP'' endpoint with a malicious payload in the `m` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** A cross-site scripting issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the `/clt/LOGINFRM original.ASP` endpoint and involves the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** A cross-site scripting issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The issue is related to the `l` parameter in the '/clt/TRACK REQUEST.ASP' API endpoint. **Recommendations** Apply a fix for AndSoft e-TMS version 25.03. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AndSoft e-TMS version 25.03 **Description** A cross-site scripting (XSS) issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the `/clt/LOGINFRM CATOLD.ASP` endpoint, involving the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `l`, `demo`, `demo2`, `TNTLOGIN`, `UO`, and `SuppConn` parameters in the `/clt/LOGINFRM CATOLD.ASP` endpoint to prevent the injection of malicious scripts.