Next Click Ventures Realtyscript vulnerabilities
6 known vulnerabilities affecting next_click_ventures/realtyscript.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 4
Vulnerabilities
CVE-2015-20120 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | v4.0.2 | 2026-03-16
Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database contents character by character based on response timi
nvd
CVE-2015-20117 | P3 | HIGH | CVSS 8.8 | CWE-352 | v4.0.2 | 2026-03-16
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and /admin/editadmins.php endpoints to register new users with arbitrary
nvd
CVE-2015-20115 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v4.0.2 | 2026-03-16
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by other users.
nvd
CVE-2015-20116 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v4.0.2 | 2026-03-16
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users' browsers when the file is processed or displayed.
nvd
CVE-2015-20118 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v4.0.2 | 2026-03-16
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the location_name parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the location_name field to execute arbitrary code in administrator browsers.
nvd
CVE-2015-20119 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v4.0.2 | 2026-03-16
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with crafted iframe payloads in the text parameter to store
nvd