VYPR
Unrated severity · NVD Advisory · Published Jan 3, 2020 · Updated Aug 4, 2024

Telos Automated Message Handling System reflected XSS in ModalWindowPopup.asp

CVE-2019-9539

Description

Telos AMHS prior to 4.1.5.5 has a stored XSS in ModalWindowPopup.asp allowing attacker-injected script execution within a user's session.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Telos Automated Message Handling System (AMHS) versions prior to 4.1.5.5 contain a stored cross-site scripting vulnerability in the ModalWindowPopup.asp page. The application fails to properly neutralize user-supplied input during web page generation, allowing arbitrary script to be embedded into an AMHS session. The vulnerability can be triggered without requiring any special configuration beyond a network connection to the web interface.

Exploitation

An unauthenticated remote attacker can craft a malicious URI containing a JavaScript payload. No authentication is required, and the only user interaction needed is visiting the crafted link; the script is injected through the ModalWindowPopup.asp endpoint and executes in the context of the victim's browser when the page is rendered. [1]

Impact

Successful exploitation permits arbitrary JavaScript execution within the victim's AMHS session, leading to potential session hijacking, data exfiltration, or further client-side attacks. The CERT/CC notes the confidentiality impact as partial, with no availability impact; the attacker gains script-level access but does not achieve direct server-side compromise. [1]

Mitigation

The vendor, Telos, addressed these issues in AMHS version 4.1.5.5. Users should contact Telos directly to obtain the update and apply it to all affected systems. No workarounds are documented in the available references. [1]

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
