Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application.
AnalysisAI
A cross-site scripting vulnerability in Next Click Ventures RealtyScript 4.0.2 (CVSS 6.1) that allows attackers. Risk factors: public PoC available.
Technical ContextAI
CWE-79 (Cross-site Scripting). Affects Next Click Ventures RealtyScript 4.0.2.
RemediationAI
Monitor vendor channels for patch availability.
More in Realtyscript
View allMultiple time-based blind SQL injection vulnerabilities in RealtyScript 4.0.2 allow unauthenticated remote attackers to
A stored cross-site scripting (XSS) vulnerability exists in RealtyScript 4.0.2's admin locations interface, allowing una
Stored cross-site scripting (XSS) vulnerability in Next Click Ventures RealtyScript 4.0.2 that allows attackers to uploa
RealtyScript 4.0.2 contains a stored cross-site scripting (XSS) vulnerability in the pages.php admin interface that allo
Stored cross-site scripting (XSS) vulnerability in Next Click Ventures RealtyScript 4.0.2 that allows unauthenticated at
RealtyScript 4.0.2 contains a cross-site request forgery (CSRF) vulnerability in its user management endpoints that allo
RealtyScript 4.0.2 by Next Click Ventures contains both cross-site request forgery (CSRF) and persistent cross-site scri
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2015-9409