CVE-2015-20113
Persistent XSS and CSRF in RealtyScript 4.0.2 Enable Admin Actions
Publication date: 2026-03-16
Last updated on: 2026-03-19
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nextclickventures | realtyscript | 4.0.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in RealtyScript version 4.0.2 involves multiple security issues including Cross-Site Request Forgery (CSRF) and persistent Cross-Site Scripting (XSS). Attackers can exploit these flaws because the application does not properly validate HTTP requests or sanitize user inputs. This allows attackers to perform unauthorized administrative actions if a logged-in user visits a malicious website, and to inject persistent malicious scripts that execute within the context of the affected site.
- CSRF enables attackers to trick logged-in users into executing unwanted actions with administrative privileges.
- Persistent XSS vulnerabilities allow attackers to inject arbitrary HTML and JavaScript code that runs in the application context, potentially compromising user sessions and site integrity.
How can this vulnerability impact me?
This vulnerability can have serious impacts including unauthorized administrative actions and persistent malicious code execution within the application. Specifically, attackers can:
- Add new users with administrative privileges without authorization.
- Create superuser accounts that have elevated privileges.
- Inject and execute arbitrary scripts that can hijack user sessions, deface the website, or embed malicious content.
- Compromise the integrity and security of the affected real estate software, potentially leading to data breaches or unauthorized access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying attempts to exploit Cross-Site Request Forgery (CSRF) and persistent Cross-Site Scripting (XSS) in RealtyScript 4.0.2. You can monitor HTTP requests for suspicious POST parameters such as "file", "location_name", and "text" that may contain malicious scripts or forged requests targeting administrative actions.
Specifically, you can look for POST requests to endpoints like "admin/addusers.php" and "admin/editadmins.php" that attempt to add or modify users with elevated privileges without proper authorization.
Commands to detect such activity might include using network traffic analysis tools or web server logs to filter for suspicious POST requests. For example, using grep on web server logs:
- grep -i 'POST /admin/addusers.php' /var/log/httpd/access_log
- grep -i 'POST /admin/editadmins.php' /var/log/httpd/access_log
- grep -iE 'file=|location_name=|text=' /var/log/httpd/access_log
Additionally, you can use web vulnerability scanners or proxy tools (like Burp Suite) to test for CSRF tokens and input sanitization on these parameters to confirm the presence of the vulnerability. [1, 2]
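An added example, not part of the original advisory or of RealtyScript itself: a shell filter over an Apache combined-format access log that flags POSTs to the two admin endpoints named above when the Referer is missing or off-site, which is a signal worth reviewing for forged requests. The site host `realty.example.test`, the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Assumption: the legitimate site is served from this host (constructed value).
SITE_HOST="realty.example.test"

# Constructed sample lines in Apache "combined" log format.
sample_log() {
cat <<'EOF'
203.0.113.10 - - [16/Mar/2026:10:00:01 +0000] "POST /admin/addusers.php HTTP/1.1" 200 512 "https://realty.example.test/admin/addusers.php" "Mozilla/5.0"
198.51.100.7 - - [16/Mar/2026:10:02:14 +0000] "POST /admin/addusers.php HTTP/1.1" 200 512 "http://other.example.net/page.html" "Mozilla/5.0"
192.0.2.44 - - [16/Mar/2026:10:05:39 +0000] "POST /admin/editadmins.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Mar/2026:10:06:02 +0000] "GET /admin/addusers.php HTTP/1.1" 200 4096 "http://other.example.net/page.html" "Mozilla/5.0"
203.0.113.10 - - [16/Mar/2026:10:07:45 +0000] "POST /index.php HTTP/1.1" 200 900 "http://other.example.net/" "Mozilla/5.0"
EOF
}

# Reads log lines on stdin; $1 is the expected site host.
# Prints "client path reason referer" for each POST to an admin endpoint
# whose Referer is absent or names a different host.
flag_cross_site_admin_posts() {
  awk -v host="$1" -F'"' '
    {
      split($2, req, " ")                 # method, path, protocol
      if (req[1] != "POST") next
      path = req[2]
      sub(/\?.*/, "", path)               # ignore any query string
      if (path !~ /\/admin\/(addusers|editadmins)\.php$/) next

      ref = $4
      refhost = ref
      sub(/^[a-zA-Z]+:\/\//, "", refhost) # strip scheme
      sub(/[\/:?#].*$/, "", refhost)      # strip port, path, query

      if (ref == "-" || ref == "")
        reason = "no-referer"
      else if (tolower(refhost) != tolower(host))
        reason = "off-site-referer"
      else
        next                              # same-site form submission

      split($1, pre, " ")                 # pre[1] is the client address
      print pre[1], path, reason, ref
    }'
}

# Run against the constructed sample; replace with the real access log.
sample_log | flag_cross_site_admin_posts "$SITE_HOST"
```

Apache's combined format does not record POST bodies, so this check relies on the request line and Referer only; a missing Referer can also come from privacy settings and needs correlation with whether an admin account was actually created or changed.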
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing proper CSRF protections and input validation/sanitization in the RealtyScript 4.0.2 application.
- Add CSRF tokens to all forms and verify them on the server side to prevent unauthorized administrative actions.
- Sanitize and validate all user-supplied input parameters, especially those like "file", "location_name", and "text", to prevent injection of malicious scripts.
- Restrict administrative actions to authenticated and authorized users only, ensuring proper session management.
- Monitor and block suspicious requests targeting administrative endpoints such as "admin/addusers.php" and "admin/editadmins.php".
If a patch or updated version from the vendor is available, apply it immediately. Since the vendor did not respond prior to the advisory release, consider applying custom fixes or using web application firewalls (WAF) to block exploit attempts. [1, 2]