Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for Automated Message Handling System by Telos
CVE-2019-9542 (GCVE-0-2019-9542)
Vulnerability from cvelistv5 – Published: 2020-01-03 21:55 – Updated: 2024-08-04 21:54
VLAI
Title
Telos Automated Message Handling System reflected XSS in itemlookup.asp
Summary
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/873161/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Telos | Automated Message Handling System |
Affected:
unspecified , < 4.1.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automated Message Handling System",
"vendor": "Telos",
"versions": [
{
"lessThan": "4.1.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T21:55:18.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telos Automated Message Handling System reflected XSS in itemlookup.asp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9542",
"STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in itemlookup.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9542",
"datePublished": "2020-01-03T21:55:18.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9541 (GCVE-0-2019-9541)
Vulnerability from cvelistv5 – Published: 2020-01-03 21:55 – Updated: 2024-08-04 21:54
VLAI
Title
Telos Automated Message Handling System information disclosure in itemlookup.asp
Summary
: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
Severity
No CVSS data available.
CWE
- CWE-200 - Information Exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/873161/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Telos | Automated Message Handling System |
Affected:
unspecified , < 4.1.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automated Message Handling System",
"vendor": "Telos",
"versions": [
{
"lessThan": "4.1.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ": Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T21:55:18.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telos Automated Message Handling System information disclosure in itemlookup.asp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9541",
"STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System information disclosure in itemlookup.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9541",
"datePublished": "2020-01-03T21:55:18.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9539 (GCVE-0-2019-9539)
Vulnerability from cvelistv5 – Published: 2020-01-03 21:55 – Updated: 2024-08-04 21:54
VLAI
Title
Telos Automated Message Handling System reflected XSS in ModalWindowPopup.asp
Summary
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/873161/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Telos | Automated Message Handling System |
Affected:
unspecified , < 4.1.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automated Message Handling System",
"vendor": "Telos",
"versions": [
{
"lessThan": "4.1.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T21:55:17.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telos Automated Message Handling System reflected XSS in ModalWindowPopup.asp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9539",
"STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in ModalWindowPopup.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9539",
"datePublished": "2020-01-03T21:55:17.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9540 (GCVE-0-2019-9540)
Vulnerability from cvelistv5 – Published: 2020-01-03 21:55 – Updated: 2024-08-04 21:54
VLAI
Title
Telos Automated Message Handling System reflected XSS in prefs.asp
Summary
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/873161/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Telos | Automated Message Handling System |
Affected:
unspecified , < 4.1.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automated Message Handling System",
"vendor": "Telos",
"versions": [
{
"lessThan": "4.1.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T21:55:17.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telos Automated Message Handling System reflected XSS in prefs.asp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9540",
"STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in prefs.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9540",
"datePublished": "2020-01-03T21:55:17.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9537 (GCVE-0-2019-9537)
Vulnerability from cvelistv5 – Published: 2020-01-03 21:55 – Updated: 2024-08-04 21:54
VLAI
Title
Telos Automated Message Handling System reflected XSS in uploaditem.asp
Summary
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/873161/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Telos | Automated Message Handling System |
Affected:
unspecified , < 4.1.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automated Message Handling System",
"vendor": "Telos",
"versions": [
{
"lessThan": "4.1.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T21:55:16.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telos Automated Message Handling System reflected XSS in uploaditem.asp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9537",
"STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in uploaditem.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9537",
"datePublished": "2020-01-03T21:55:16.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9538 (GCVE-0-2019-9538)
Vulnerability from cvelistv5 – Published: 2020-01-03 21:55 – Updated: 2024-08-04 21:54
VLAI
Title
Telos Automated Message Handling System reflected XSS in LDAP cbURL parameter
Summary
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/873161/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Telos | Automated Message Handling System |
Affected:
unspecified , < 4.1.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automated Message Handling System",
"vendor": "Telos",
"versions": [
{
"lessThan": "4.1.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T21:55:16.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telos Automated Message Handling System reflected XSS in LDAP cbURL parameter",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9538",
"STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in LDAP cbURL parameter"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9538",
"datePublished": "2020-01-03T21:55:16.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9542 (GCVE-0-2019-9542)
Vulnerability from nvd – Published: 2020-01-03 21:55 – Updated: 2024-08-04 21:54
VLAI
Title
Telos Automated Message Handling System reflected XSS in itemlookup.asp
Summary
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/873161/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Telos | Automated Message Handling System |
Affected:
unspecified , < 4.1.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automated Message Handling System",
"vendor": "Telos",
"versions": [
{
"lessThan": "4.1.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T21:55:18.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telos Automated Message Handling System reflected XSS in itemlookup.asp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9542",
"STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in itemlookup.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9542",
"datePublished": "2020-01-03T21:55:18.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9541 (GCVE-0-2019-9541)
Vulnerability from nvd – Published: 2020-01-03 21:55 – Updated: 2024-08-04 21:54
VLAI
Title
Telos Automated Message Handling System information disclosure in itemlookup.asp
Summary
: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
Severity
No CVSS data available.
CWE
- CWE-200 - Information Exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/873161/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Telos | Automated Message Handling System |
Affected:
unspecified , < 4.1.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automated Message Handling System",
"vendor": "Telos",
"versions": [
{
"lessThan": "4.1.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ": Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T21:55:18.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telos Automated Message Handling System information disclosure in itemlookup.asp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9541",
"STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System information disclosure in itemlookup.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9541",
"datePublished": "2020-01-03T21:55:18.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9539 (GCVE-0-2019-9539)
Vulnerability from nvd – Published: 2020-01-03 21:55 – Updated: 2024-08-04 21:54
VLAI
Title
Telos Automated Message Handling System reflected XSS in ModalWindowPopup.asp
Summary
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/873161/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Telos | Automated Message Handling System |
Affected:
unspecified , < 4.1.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automated Message Handling System",
"vendor": "Telos",
"versions": [
{
"lessThan": "4.1.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T21:55:17.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telos Automated Message Handling System reflected XSS in ModalWindowPopup.asp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9539",
"STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in ModalWindowPopup.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9539",
"datePublished": "2020-01-03T21:55:17.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9540 (GCVE-0-2019-9540)
Vulnerability from nvd – Published: 2020-01-03 21:55 – Updated: 2024-08-04 21:54
VLAI
Title
Telos Automated Message Handling System reflected XSS in prefs.asp
Summary
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/873161/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Telos | Automated Message Handling System |
Affected:
unspecified , < 4.1.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automated Message Handling System",
"vendor": "Telos",
"versions": [
{
"lessThan": "4.1.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T21:55:17.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telos Automated Message Handling System reflected XSS in prefs.asp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9540",
"STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in prefs.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9540",
"datePublished": "2020-01-03T21:55:17.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9537 (GCVE-0-2019-9537)
Vulnerability from nvd – Published: 2020-01-03 21:55 – Updated: 2024-08-04 21:54
VLAI
Title
Telos Automated Message Handling System reflected XSS in uploaditem.asp
Summary
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/873161/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Telos | Automated Message Handling System |
Affected:
unspecified , < 4.1.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automated Message Handling System",
"vendor": "Telos",
"versions": [
{
"lessThan": "4.1.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T21:55:16.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telos Automated Message Handling System reflected XSS in uploaditem.asp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9537",
"STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in uploaditem.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9537",
"datePublished": "2020-01-03T21:55:16.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9538 (GCVE-0-2019-9538)
Vulnerability from nvd – Published: 2020-01-03 21:55 – Updated: 2024-08-04 21:54
VLAI
Title
Telos Automated Message Handling System reflected XSS in LDAP cbURL parameter
Summary
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/873161/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Telos | Automated Message Handling System |
Affected:
unspecified , < 4.1.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automated Message Handling System",
"vendor": "Telos",
"versions": [
{
"lessThan": "4.1.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T21:55:16.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#873161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telos Automated Message Handling System reflected XSS in LDAP cbURL parameter",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9538",
"STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in LDAP cbURL parameter"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ": Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9538",
"datePublished": "2020-01-03T21:55:16.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}