CVE-2015-20115

Name of the Vulnerable Software and Affected Versions RealtyScript version 4.0.2

Description The software does not properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in the ''admin/tools.php'' file. Attackers can upload files containing JavaScript code that executes in the context of ''admin/tools.php'' when accessed by other users. The vulnerable parameter is file.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict file uploads to trusted sources only.