Telos Automated Message Handling System reflected XSS in LDAP cbURL parameter

Vulnerability

The Telos Automated Message Handling System (AMHS) versions prior to 4.1.5.5 contain a cross-site scripting (XSS) vulnerability in the cbURL parameter of the LDAP functionality. The application fails to properly neutralize user input during web page generation, allowing an attacker to inject arbitrary script into an AMHS session [1].

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by crafting a malicious URI containing JavaScript in the cbURL parameter. The attacker must then trick a victim into clicking the crafted link or visiting the malicious URI while authenticated to the AMHS system. No additional privileges or user interaction beyond the initial click are required [1].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's AMHS session. This can lead to session hijacking, unauthorized actions on behalf of the victim, and disclosure of sensitive information about other AMHS users. The CVSS base score is 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N), indicating partial confidentiality and integrity impact [1].

Mitigation

The vulnerability is addressed in AMHS version 4.1.5.5. Users should contact Telos to obtain the update. No workarounds are documented in the available references [1].