CVE-2015-20116

Name of the Vulnerable Software and Affected Versions RealtyScript version 4.0.2

Description The software does not properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with cross-site scripting (XSS) payloads in the filename field to execute arbitrary JavaScript in users' browsers when the file is processed or displayed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.