Telos Automated Message Handling System (AMHS) contains multiple XSS vulnerabilities and a database information disclosure vulnerability.
Telos AMHS is a web-based messaging system that supports DoD and Intelligence Community (IC) security marking requirements. AMHS versions prior to version 220.127.116.11 contain multiple XSS vulnerabilities and also fail to properly restrict access to information about other users on the system.
Apply an update
These issues are addressed in AMHS version 18.104.22.168. Please contact Telos for update availability.
This document was written by Will Dormann.