Unrated severityNVD Advisory· Published Mar 15, 2026· Updated Mar 16, 2026
RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter
CVE-2015-20115
Description
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by other users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 4.0.2+ 1 more
- (no CPE)range: = 4.0.2
- (no CPE)range: 4.0.2
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/38496mitreexploit
- www.vulncheck.com/advisories/realtyscript-stored-cross-site-scripting-via-file-upload-parametermitrethird-party-advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5269.phpmitrethird-party-advisory
News mentions
0No linked articles in our index yet.