Telos Automated Message Handling System reflected XSS in prefs.asp

Vulnerability

The vulnerability is a cross-site scripting (XSS) issue in the prefs.asp page of Telos Automated Message Handling System (AMHS). Improper neutralization of user input allows an attacker to craft a malicious URI that, when visited by an authenticated user, injects arbitrary JavaScript into the AMHS session. Affected versions are prior to 4.1.5.5. [1]

Exploitation

An attacker requires no authentication but must trick a victim user into clicking a specially crafted link. The attacker can create a URI containing malicious script and deliver it via email or other means. The script executes in the context of the victim's AMHS session. [1]

Impact

Successful exploitation enables arbitrary JavaScript execution in the victim's browser within the AMHS session, potentially leading to session hijacking, defacement, or theft of sensitive information. The same vector may also allow access to information about other AMHS users. The CVSS base score is 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N), indicating partial confidentiality and integrity impact. [1]

Mitigation

The vulnerability is fixed in AMHS version 4.1.5.5. Users should contact Telos to obtain the update. No workarounds are documented in the available reference. [1]