Vulnerabilities > Telos > Automated Message Handling System > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-03 CVE-2019-9542 Cross-site Scripting vulnerability in Telos Automated Message Handling System
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.
network
low complexity
telos CWE-79
6.1
2020-01-03 CVE-2019-9541 Cross-site Scripting vulnerability in Telos Automated Message Handling System
: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.
network
low complexity
telos CWE-79
6.1
2020-01-03 CVE-2019-9540 Cross-site Scripting vulnerability in Telos Automated Message Handling System
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.
network
low complexity
telos CWE-79
6.1
2020-01-03 CVE-2019-9539 Cross-site Scripting vulnerability in Telos Automated Message Handling System
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.
network
low complexity
telos CWE-79
6.1
2020-01-03 CVE-2019-9538 Cross-site Scripting vulnerability in Telos Automated Message Handling System
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.
network
low complexity
telos CWE-79
6.1
2020-01-03 CVE-2019-9537 Cross-site Scripting vulnerability in Telos Automated Message Handling System
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.
network
low complexity
telos CWE-79
6.1