PT-2020-11363 · Telos · Telos Automated Message Handling System

Will Dormann

Published

2020-01-03

Updated

2021-10-26

CVE-2019-9541

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Telos Automated Message Handling System versions prior to 4.1.5.5

Description The issue allows a remote attacker to inject arbitrary script into an AMHS session due to an Information Exposure vulnerability in the itemlookup.asp of the Telos Automated Message Handling System.

Recommendations For versions prior to 4.1.5.5, update to version 4.1.5.5 or later to resolve the issue.

Fix

Information Disclosure

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-79

Related Identifiers

CVE-2019-9541

Affected Products

Telos Automated Message Handling System

PT-2020-11363 · Telos · Telos Automated Message Handling System

CVE-2019-9541

Weakness Enumeration

Related Identifiers

Affected Products

References · 3