Nextclickventures

Realtyscript

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2015-20120

Exploit
  • EPSS 0.38%
  • Veröffentlicht 15.03.2026 18:35:43
  • Zuletzt bearbeitet 19.03.2026 14:15:53

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft reques...

9.8

CVE-2015-20121

Exploit
  • EPSS 0.21%
  • Veröffentlicht 15.03.2026 18:34:19
  • Zuletzt bearbeitet 18.03.2026 15:24:32

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'u_id' in /admin/users.php and the POST parame...

5.4

CVE-2015-20119

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.03.2026 18:34:17
  • Zuletzt bearbeitet 19.03.2026 14:15:43

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can su...

8.8

CVE-2015-20117

Exploit
  • EPSS 0.09%
  • Veröffentlicht 15.03.2026 18:34:16
  • Zuletzt bearbeitet 19.03.2026 14:13:34

Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden fo...

6.1

CVE-2015-20118

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.03.2026 18:34:16
  • Zuletzt bearbeitet 19.03.2026 14:15:11

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the location_name parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in ...

6.1

CVE-2015-20116

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.03.2026 18:34:14
  • Zuletzt bearbeitet 19.03.2026 14:12:28

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field ...

6.1

CVE-2015-20115

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.03.2026 18:34:13
  • Zuletzt bearbeitet 19.03.2026 14:12:21

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in t...

6.1

CVE-2015-20114

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.03.2026 18:34:12
  • Zuletzt bearbeitet 19.03.2026 14:06:21

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers c...

4.3

CVE-2015-20113

Exploit
  • EPSS 0.02%
  • Veröffentlicht 15.03.2026 18:34:11
  • Zuletzt bearbeitet 19.03.2026 13:58:25

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web page...