CVE-2015-20114
Awaiting Analysis Awaiting Analysis - Queue

Cross-Site Scripting in RealtyScript 4.0.2 Enables Code Execution

Vulnerability report for CVE-2015-20114, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-16

Last updated on: 2026-03-19

Assigner: VulnCheck

Description

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-16
Last Modified
2026-03-19
Generated
2026-07-06
AI Q&A
2026-03-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nextclickventures realtyscript 4.0.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'RealtyScript version 4.0.2 contains a cross-site scripting (XSS) vulnerability identified as CVE-2015-20114. This vulnerability arises because multiple parameters in the application do not properly sanitize user input, allowing attackers to inject and execute arbitrary HTML and script code.'}, {'type': 'paragraph', 'content': "Attackers can craft malicious requests with script payloads in these vulnerable parameters, which then execute within the context of users' browser sessions when they interact with the affected application."}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "This cross-site scripting vulnerability can allow attackers to execute arbitrary code in users' browsers, potentially compromising user data or session integrity."}, {'type': 'list_item', 'content': 'Attackers may steal sensitive information such as cookies or session tokens.'}, {'type': 'list_item', 'content': 'It can lead to unauthorized actions performed on behalf of the user.'}, {'type': 'list_item', 'content': 'Users may be exposed to phishing or malware through injected malicious scripts.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by crafting and sending HTTP requests to the RealtyScript 4.0.2 application with malicious script payloads injected into multiple parameters that are known to be vulnerable. Observing whether the injected scripts are executed in the response or within the user's browser session indicates the presence of the vulnerability."}, {'type': 'paragraph', 'content': 'Specific commands or tools to detect this vulnerability include using curl or similar HTTP clients to send requests with script payloads in parameters, for example:'}, {'type': 'list_item', 'content': 'curl -X GET "http://targetsite/path?param=<script>alert(\'XSS\')</script>" -i'}, {'type': 'list_item', 'content': 'Using web vulnerability scanners that test for cross-site scripting (XSS) by injecting scripts into parameters and analyzing responses.'}, {'type': 'paragraph', 'content': 'If the response or the rendered page executes the injected script, the vulnerability is present.'}] [1]

Mitigation Strategies

Immediate mitigation steps include applying proper input sanitization and output encoding on all parameters that accept user input to prevent injection of malicious scripts.

Additionally, updating RealtyScript to a version where this vulnerability is fixed or applying any available patches from the vendor or security advisories is recommended.

As a temporary measure, implementing web application firewall (WAF) rules to detect and block requests containing suspicious script payloads can help reduce exploitation risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2015-20114. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart