CVE-2015-20118

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions RealtyScript version 4.0.2

Description RealtyScript 4.0.2 contains a stored cross-site scripting issue in the location name parameter of the admin locations interface. Attackers can submit POST requests to the ''locations.php'' endpoint with JavaScript payloads in the location name field, potentially executing arbitrary code in administrator browsers.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the location name parameter before using it in the application.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-20118

Affected Products

Realtyscript

CVE-2015-20118

Weakness Enumeration

Related Identifiers

Affected Products

References · 5