Lucene search

Real Estate Web Security Vulnerabilities

cve

CVE-2024-4273

The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-04 06:15 AM

cve

CVE-2013-5930

Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos...

5.9AI Score

0.002EPSS

2013-09-23 08:55 PM

cve

CVE-2011-3393

Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1...

5.9AI Score

0.002EPSS

2011-09-15 05:58 PM

cve

CVE-2010-3607

Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id...

5.4AI Score

0.001EPSS

2010-09-24 09:00 PM

cve

CVE-2009-4478

Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) home.html or (2)...

5.8AI Score

0.003EPSS

2009-12-30 09:30 PM

cve

CVE-2009-4318

Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party...

5.7AI Score

0.002EPSS

2009-12-14 09:17 PM

cve

CVE-2008-7030

Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be...

9.1AI Score

0.001EPSS

2009-08-24 10:30 AM

cve

CVE-2008-0771

Multiple SQL injection vulnerabilities in default.asp in Site2Nite allow remote attackers to execute arbitrary SQL commands via the (1) txtUserName and (2) txtPassword parameters. NOTE: some of these details are obtained from third party...

8.5AI Score

0.002EPSS

2008-02-14 12:00 AM

cve

CVE-2007-0196

SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party...

8.4AI Score

0.003EPSS

2007-01-11 11:28 AM