CVE-2015-20115 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in…
Medium CVSS: 5.1

CVE-2015-20115

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by other users.
Vendor
Nextclickventures
Product
Realtyscript
CWE
CWE-79
Yayın Tarihi
2026-03-16 14:17:46
Güncelleme
2026-03-19 14:12:21
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-79 Realtyscript MEDIUM Nextclickventures 2026

Referanslar

https://www.exploit-db.com/exploits/38496 https://www.vulncheck.com/advisories/realtyscript-stored-cross-site-scripting-via-file-upload-parameter https://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5269.php