CVE-2015-20116 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters i…
Medium CVSS: 5.1

CVE-2015-20116

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users' browsers when the file is processed or displayed.
Vendor
Nextclickventures
Product
Realtyscript
CWE
CWE-79
Yayın Tarihi
2026-03-16 14:17:47
Güncelleme
2026-03-19 14:12:28
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-79 Realtyscript MEDIUM Nextclickventures 2026

Referanslar

https://www.exploit-db.com/exploits/38496 https://www.vulncheck.com/advisories/realtyscript-stored-cross-site-scripting-via-csv-file-upload-filename https://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5269.php