CVE-2015-20114 - Vulnerability Details

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Next Click Ventuers	Realtyscript

No data.

References

Link	Providers
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5269.php
https://www.exploit-db.com/exploits/38496
https://www.vulncheck.com/advisories/realtyscript-cross-site-scripting-via-multiple-parameters

History

Mon, 16 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Next Click Ventuers Next Click Ventuers realtyscript
Vendors & Products		Next Click Ventuers Next Click Ventuers realtyscript

Sun, 15 Mar 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application.
Title		RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters
Weaknesses		CWE-79
References		http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5269.php https://www.exploit-db.com/exploits/38496 https://www.vulncheck.com/advisories/realtyscript-cross-site-scripting-via-multiple-parameters
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-03-15T18:34:12.468Z

Updated: 2026-03-16T14:20:18.259Z

Reserved: 2026-03-15T18:05:00.745Z

Link: CVE-2015-20114

Vulnrichment

Updated: 2026-03-16T14:17:19.723Z

NVD

Status : Awaiting Analysis

Published: 2026-03-16T14:17:46.690

Modified: 2026-03-16T14:53:46.157

Link: CVE-2015-20114

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object