CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/03/16 3:30 p.m.•1 views

EUVD-2015-9407

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web pages that execute unauthorized actions when...

6.9CVSS5.7AI score0.00039EPSS

Exploits2References4

EUVD•added 2026/03/16 3:30 p.m.•2 views

EUVD-2015-9409

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

6.1CVSS6AI score0.00055EPSS

EUVD•added 2026/03/16 3:30 p.m.•1 views

EUVD-2015-9411

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

7.2CVSS5.9AI score0.00035EPSS

CVE-2015-20121

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...

9.8CVSS0.0027EPSS

NVD•added 2026/03/16 2:17 p.m.•2 views

CVE-2015-20119

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...

6.4CVSS0.00042EPSS

CVE-2015-20117

Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and...

8.8CVSS0.00154EPSS

CVE-2015-20118

7.2CVSS0.00045EPSS

NVD•added 2026/03/16 2:17 p.m.•0 views

CVE-2015-20116

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users'...

6.1CVSS0.00051EPSS

NVD•added 2026/03/16 2:17 p.m.•2 views

CVE-2015-20120

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...

9.8CVSS0.00492EPSS

NVD•added 2026/03/16 2:17 p.m.•3 views

CVE-2015-20113

6.9CVSS0.00039EPSS

Exploits2References3

CVE-2015-20114

6.1CVSS0.00055EPSS

NVD•added 2026/03/16 2:17 p.m.•3 views

CVE-2015-20115

7.2CVSS0.00035EPSS

CNNVD•added 2026/03/16 12:0 a.m.•2 views

RealtyScript 跨站脚本漏洞

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the locationname parameter, which may allow attackers to inject JavaScript payload...

7.2CVSS5.9AI score0.00045EPSS

CNNVD•added 2026/03/16 12:0 a.m.•3 views

RealtyScript 跨站请求伪造漏洞

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, which may allow unverified attackers to create unauthorized user...

8.8CVSS5.7AI score0.00154EPSS

Positive Technologies•added 2026/03/16 12:0 a.m.•4 views

PT-2026-25720

6.9CVSS5.8AI score0.00154EPSS

Positive Technologies•added 2026/03/16 12:0 a.m.•4 views

PT-2026-25723

8.8CVSS6AI score0.00492EPSS

CNNVD•added 2026/03/16 12:0 a.m.•2 views

RealtyScript 跨站脚本漏洞

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript contains a cross-site scripting vulnerability. This vulnerability stems from improper handling of CSV file uploads, which may allow attackers to inject malicious scripts through th...

6.1CVSS5.9AI score0.00051EPSS

CNNVD•added 2026/03/16 12:0 a.m.•2 views

RealtyScript SQL注入漏洞

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript has a SQL injection vulnerability. This vulnerability stems from time-based blind SQL injections, which may allow unverified attackers to extract database information by injecting...

9.8CVSS5.8AI score0.00492EPSS

Positive Technologies•added 2026/03/16 12:0 a.m.•3 views

PT-2026-25719

6.1CVSS6AI score0.00051EPSS