9 matches found
CVE-2015-20115
CVE-2015-20115 concerns RealtyScript 4.0.2 from Next Click Ventures. The connected documents confirm a stored cross-site scripting issue via the file upload parameter in admin/tools.php, caused by inadequate sanitization of uploaded files. Attackers could place JavaScript in uploads that would ex...
CVE-2015-20117
The CVE-2015-20117 entry concerns RealtyScript 4.0.2 from Next Click Ventures. A cross-site request forgery vulnerability allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting requests to /admin/addusers.php and /admin/editadmins.php, enabling ...
CVE-2015-20119
CVE-2015-20119 affects RealtyScript 4.0.2 (Next Click Ventures). It is a stored cross-site scripting vulnerability in the pages.php admin interface: an authenticated attacker can submit crafted iframe payloads via the text parameter to the add page action, storing malicious content that executes ...
CVE-2015-20121
CVE-2015-20121 affects RealtyScript 4.0.2 from Next Click Ventures. The vulnerability is an SQL injection in /admin/users.php (GET parameter u_id) and /admin/mailer.php (POST parameter agent[]) allowing unauthenticated attackers to manipulate queries via time-based blind payloads to exfiltrate da...
CVE-2015-20113
CVE-2015-20113 affects RealtyScript 4.0.2 (Next Click Ventures). Connected sources confirm multiple vulnerabilities: cross-site request forgery (CSRF) and persistent cross-site scripting (XSS). The exploitable impact described is that an attacker can craft a malicious page to trigger unauthorized ...
CVE-2015-20120
CVE-2015-20120 maps to RealtyScript 4.0.2 from Next Click Ventures, which contains multiple time-based blind SQL injection vulnerabilities. The flaw allows unauthenticated attackers to infer database contents by sending time-delay payloads in application parameters, effectively exposing data char...
CVE-2015-20114
The CVE-2015-20114 entry concerns RealtyScript 4.0.2 by Next Click Ventures, with a cross-site scripting vulnerability triggered by unsanitized input across multiple parameters. The available documents consistently describe the issue as allowing arbitrary HTML/script execution in a user’s browser...
CVE-2015-20116
The CVE refers to RealtyScript 4.0.2 from Next Click Ventures, where the CSV file upload handling is vulnerable to stored cross-site scripting due to insufficient sanitization of filename parameters in multipart form data. This can allow an attacker to inject XSS payloads that execute in users’ b...
CVE-2015-20118
CVE-2015-20118: RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the location_name parameter of the admin locations interface. Attackers can submit JavaScript payloads to the locations.php endpoint, enabling arbitrary code execution in administrator browsers. Public refe...