Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

69 matches found

Positive Technologies
Positive Technologiesadded 2026/03/16 12:0 a.m.7 views

PT-2026-25720

Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and...

6.9CVSS5.8AI score0.00195EPSS
Exploits1References4
CNNVD
CNNVDadded 2026/03/16 12:0 a.m.4 views

RealtyScript SQL注入漏洞

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript has a SQL injection vulnerability. This vulnerability stems from time-based blind SQL injections, which may allow unverified attackers to extract database information by injecting...

9.8CVSS5.8AI score0.00417EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/03/16 12:0 a.m.4 views

RealtyScript 跨站脚本漏洞

RealtyScript is a real estate website management system developed by RealtyScript Corporation. Version 4.0.2 of RealtyScript contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of text parameters, which may allow attackers to inject malicious HTML and...

6.4CVSS5.7AI score0.00207EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/03/16 12:0 a.m.6 views

RealtyScript 跨站脚本漏洞

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the locationname parameter, which may allow attackers to inject JavaScript payload...

7.2CVSS5.9AI score0.00321EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/03/15 6:35 p.m.21 views

CVE-2015-20120 RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...

8.8CVSS0.00417EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/03/15 6:35 p.m.3 views

CVE-2015-20120

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...

6AI score0.00417EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/15 6:35 p.m.2 views

CVE-2015-20120 RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...

8.8CVSS6AI score0.00417EPSS
Exploits1References3
CVE
CVEadded 2026/03/15 6:35 p.m.7 views

CVE-2015-20120

CVE-2015-20120 maps to RealtyScript 4.0.2 from Next Click Ventures, which contains multiple time-based blind SQL injection vulnerabilities. The flaw allows unauthenticated attackers to infer database contents by sending time-delay payloads in application parameters, effectively exposing data char...

9.8CVSS6AI score0.00417EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/15 6:34 p.m.3 views

CVE-2015-20121 RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...

8.8CVSS6.1AI score0.00418EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/03/15 6:34 p.m.23 views

CVE-2015-20121 RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...

8.8CVSS0.00418EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/03/15 6:34 p.m.2 views

CVE-2015-20121

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...

6.1AI score0.00418EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2026/03/15 6:34 p.m.8 views

CVE-2015-20121

CVE-2015-20121 affects RealtyScript 4.0.2 from Next Click Ventures. The vulnerability is an SQL injection in /admin/users.php (GET parameter u_id) and /admin/mailer.php (POST parameter agent[]) allowing unauthenticated attackers to manipulate queries via time-based blind payloads to exfiltrate da...

9.8CVSS6.1AI score0.00418EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2026/03/15 6:34 p.m.8 views

CVE-2015-20119

CVE-2015-20119 affects RealtyScript 4.0.2 (Next Click Ventures). It is a stored cross-site scripting vulnerability in the pages.php admin interface: an authenticated attacker can submit crafted iframe payloads via the text parameter to the add page action, storing malicious content that executes ...

6.4CVSS5.7AI score0.00207EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2026/03/15 6:34 p.m.21 views

CVE-2015-20119 RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...

6.4CVSS0.00207EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/03/15 6:34 p.m.2 views

CVE-2015-20119

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...

5.7AI score0.00207EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/15 6:34 p.m.5 views

CVE-2015-20119 RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...

6.4CVSS5.7AI score0.00207EPSS
Exploits1References3
CVE
CVEadded 2026/03/15 6:34 p.m.6 views

CVE-2015-20118

CVE-2015-20118: RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the location_name parameter of the admin locations interface. Attackers can submit JavaScript payloads to the locations.php endpoint, enabling arbitrary code execution in administrator browsers. Public refe...

7.2CVSS6AI score0.00321EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/15 6:34 p.m.3 views

CVE-2015-20118 RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the locationname parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the locationname field to execute arbitrary code...

7.2CVSS6AI score0.00321EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/03/15 6:34 p.m.22 views

CVE-2015-20118 RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the locationname parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the locationname field to execute arbitrary code...

7.2CVSS0.00321EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/03/15 6:34 p.m.3 views

CVE-2015-20117

Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and...

5.8AI score0.00195EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder