CVE-2015-20114
Awaiting Analysis
Cross-Site Scripting in RealtyScript 4.0.2 Enables Code Execution

Publication date: 2026-03-16

Last updated on: 2026-03-19

Assigner: VulnCheck

Description
Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application.
Meta Information
Published: 2026-03-16
Last Modified: 2026-03-19
Generated: 2026-05-06
AI Q&A: 2026-03-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: nextclickventures
Product: realtyscript
Version / Range: 4.0.2
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

RealtyScript version 4.0.2 contains a cross-site scripting (XSS) vulnerability identified as CVE-2015-20114. This vulnerability arises because multiple parameters in the application do not properly sanitize user input, allowing attackers to inject and execute arbitrary HTML and script code.

Attackers can craft malicious requests with script payloads in these vulnerable parameters, which then execute within the context of users' browser sessions when they interact with the affected application. [1]


How can this vulnerability impact me?

This cross-site scripting vulnerability can allow attackers to execute arbitrary code in users' browsers, potentially compromising user data or session integrity.

- Attackers may steal sensitive information such as cookies or session tokens.
- It can lead to unauthorized actions performed on behalf of the user.
- Users may be exposed to phishing or malware through injected malicious scripts. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by crafting and sending HTTP requests to the RealtyScript 4.0.2 application with malicious script payloads injected into multiple parameters that are known to be vulnerable. Observing whether the injected scripts are executed in the response or within the user's browser session indicates the presence of the vulnerability.

Specific commands or tools to detect this vulnerability include using curl or similar HTTP clients to send requests with script payloads in parameters, for example:

- curl -X GET "http://targetsite/path?param=<script>alert('XSS')</script>" -i
- Using web vulnerability scanners that test for cross-site scripting (XSS) by injecting scripts into parameters and analyzing responses.

If the response or the rendered page executes the injected script, the vulnerability is present. [1]
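
The response check described above, as an added example that is not part of the original advisory or the vendor's code: it classifies how the marker from the curl line comes back in a saved response body, so an unencoded reflection can be told apart from one the application has HTML-encoded. The function names, the parameter names and the sample bodies are constructed for illustration.

```python
import html

# Marker copied from the curl example; it is only compared here, never sent.
MARKER = "<script>alert('XSS')</script>"


def encoded_forms(marker: str) -> set[str]:
    """HTML-encoded spellings an application may emit for the marker."""
    base = html.escape(marker, quote=False)  # encodes &, <, > only
    # Single quotes are encoded differently by different encoders
    # (html.escape -> &#x27;, PHP htmlspecialchars(ENT_QUOTES) -> &#039;).
    return {base} | {base.replace("'", q) for q in ("&#x27;", "&#039;", "&apos;")}


def classify_reflection(body: str, marker: str = MARKER) -> str:
    """Return 'raw', 'encoded' or 'absent' for how the marker appears in body."""
    if marker in body:
        return "raw"        # markup reflected unchanged: output is not encoded
    if any(form in body for form in encoded_forms(marker)):
        return "encoded"    # reflected, but neutralized as text
    return "absent"         # not reflected in this response


def triage(responses: dict[str, str]) -> dict[str, str]:
    """Classify one saved response body per tested parameter."""
    return {param: classify_reflection(body) for param, body in responses.items()}


# Constructed sample bodies; the parameter names are hypothetical.
SAMPLES = {
    "param_a": "<p>Results for <script>alert('XSS')</script></p>",
    "param_b": "<p>Results for &lt;script&gt;alert(&#039;XSS&#039;)&lt;/script&gt;</p>",
    "param_c": "<p>No listings found.</p>",
}

if __name__ == "__main__":
    for param, verdict in triage(SAMPLES).items():
        print(f"{param}: {verdict}")
```

A "raw" verdict marks the parameters whose output still needs encoding; "absent" only means the marker was not reflected in that one response, not that the parameter is safe.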


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying proper input sanitization and output encoding on all parameters that accept user input to prevent injection of malicious scripts.

Additionally, updating RealtyScript to a version where this vulnerability is fixed or applying any available patches from the vendor or security advisories is recommended.

As a temporary measure, implementing web application firewall (WAF) rules to detect and block requests containing suspicious script payloads can help reduce exploitation risk.

