Telos Automated Message Handling System reflected XSS in uploaditem.asp
Description
Telos AMHS prior to 4.1.5.5 contains a stored XSS in uploaditem.asp allowing remote attackers to inject arbitrary JavaScript into user sessions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the uploaditem.asp page of the Telos Automated Message Handling System (AMHS). The application fails to properly neutralize user-supplied input during web page generation, allowing a remote attacker to inject arbitrary script into an AMHS session. This issue affects all AMHS versions prior to 4.1.5.5 [1].
Exploitation
An attacker can craft a malicious URI or upload a specially crafted message that contains embedded JavaScript. When an authenticated AMHS user views or interacts with the crafted content, the injected script executes within the context of that user's session. No special position beyond network access to the AMHS web interface is required; however, user interaction is necessary to trigger the payload (e.g., opening a message or visiting a crafted link) [1].
Impact
A successful attack allows the attacker to execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking, defacement, or exfiltration of sensitive data visible within the AMHS interface. The CVSS base score is 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N), indicating partial confidentiality and integrity impact but no availability impact [1].
Mitigation
Telos addressed this issue in AMHS version 4.1.5.5. Users should contact Telos to obtain the update. No workaround is documented in the available references [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
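The Vulnerability section above describes the class of defect (user-supplied input written into the page without neutralization) but no source is available. The following classic ASP fragment is an added illustration, not Telos AMHS code: the field names, the hypothetical viewitem.asp page and its item parameter are assumed for the example.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Hypothetical upload-confirmation fragment. This is NOT the real
' uploaditem.asp; it only shows the vulnerable pattern and the fix.
Dim itemName, msgSubject
itemName   = Request.Form("itemname")   ' user-controlled (assumed field)
msgSubject = Request.Form("subject")    ' user-controlled, stored with the item

' Vulnerable pattern: raw input interpolated into the page. A <script>
' element in itemName or msgSubject is rendered as markup for every
' later viewer, which is what makes the XSS stored rather than reflected.
' Response.Write "<p>Uploaded " & itemName & " (" & msgSubject & ")</p>"

' Hardened pattern: encode for the HTML body context at the point of output.
Response.Write "<p>Uploaded " & Server.HTMLEncode(itemName) & _
               " (" & Server.HTMLEncode(msgSubject) & ")</p>"

' Attribute context: Server.HTMLEncode escapes the double quote but not the
' single quote, so the attribute value must be wrapped in double quotes.
Response.Write "<input type=""text"" name=""subject"" value=""" & _
               Server.HTMLEncode(msgSubject) & """>"

' URL context (viewitem.asp and its item parameter are hypothetical):
' URL-encode the parameter value, then HTML-encode the whole attribute.
Response.Write "<a href=""viewitem.asp?item=" & _
               Server.HTMLEncode(Server.URLEncode(itemName)) & """>View</a>"
%>
```

Encoding must be applied at every output point that renders stored item data, not only on the upload form; a single unencoded view page is enough to keep the stored payload live.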
Affected products
- (no CPE) range: <4.1.5.5
- (no CPE) range: unspecified
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
[1] https://www.kb.cert.org/vuls/id/873161/ (CERT-VN third-party advisory, via MITRE)
News mentions
No linked articles in our index yet.