A client-side cross-site scripting vulnerability has been discovered in the 123Contact Form web application. The security vulnerability allows remote attackers to inject malicious script code into client-side browser requests.
A client-side cross-site scripting web vulnerability is located in the Location input field. The web vulnerability
session credentials. The attacker can connect to a third account to trigger the issue without knowing the password.
The security risk of the XSS vulnerability is estimated as medium, with a CVSS (Common Vulnerability Scoring System) score of 3.3. Exploitation of the non-persistent cross-site scripting web vulnerability requires low or medium user interaction and no privileged web-application user account. Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing attacks, non-persistent external redirects to malicious sources and non-persistent manipulation of affected or connected application modules.
Request Method(s): [+] GET
Vulnerable Module(s): [+] Location - Map Pro
Vulnerable File(s): [+] ajax_save_field.php
Vulnerable Parameter(s): [+] value
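
Detection example (added here, not part of the original advisory or the vendor's code): a log review helper that flags GET requests to ajax_save_field.php whose value parameter decodes to HTML markup. The combined access-log format, the request paths and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a combined-format access log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markup tokens that a plain location string does not need but that are
# required to leave HTML text or attribute context.
MARKUP_RE = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(text, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for each flagged GET request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match or match.group("method") != "GET":
            continue  # the advisory lists GET as the request method
        url = urlsplit(match.group("target"))
        if not url.path.endswith("/ajax_save_field.php"):
            continue  # only the file named in the advisory
        for raw in parse_qs(url.query, keep_blank_values=True).get("value", []):
            value = fully_decode(raw)  # parse_qs has already decoded once
            if MARKUP_RE.search(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /ajax_save_field.php?value=Berlin%2C+Germany HTTP/1.1" 200 41',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /ajax_save_field.php?value=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 58',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /forms/ajax_save_field.php?value=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 47',
    '203.0.113.7 - - [01/Jan/2024:10:03:00 +0000] "GET /search.php?value=%3Cb%3E HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Jan/2024:10:04:00 +0000] "POST /ajax_save_field.php?value=%3Cb%3E HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: value decodes to markup: {value!r}")
```

A hit only shows that markup was sent in the parameter; whether the response reflected it unencoded has to be confirmed against the application itself.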