CVE-2015-20115
Stored Cross-Site Scripting in RealtyScript 4.0.2 File Uploads
Publication date: 2026-03-16
Last updated on: 2026-03-19
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nextclickventures | realtyscript | 4.0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2015-20115 is a stored Cross-Site Scripting (XSS) vulnerability in RealtyScript version 4.0.2 and earlier. It occurs because the application fails to properly sanitize file uploads through the file POST parameter in the admin/tools.php script.
Attackers can exploit this vulnerability by uploading files containing malicious JavaScript code. This code is then stored on the server and executed in the context of admin/tools.php when accessed by other users.
How can this vulnerability impact me? :
This vulnerability allows attackers to execute malicious JavaScript code in the context of the vulnerable application for other users. This can lead to unauthorized actions such as stealing user session data, performing actions on behalf of users, or delivering further malicious payloads.
Because the attack requires low privileges and user interaction, it can be exploited relatively easily over the network, potentially compromising the security and integrity of user data and the application.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious file uploads to the admin/tools.php endpoint, specifically files uploaded via the file POST parameter that may contain JavaScript code.'}, {'type': 'paragraph', 'content': 'One approach is to inspect uploaded files on the server for embedded JavaScript or other executable code that should not be present.'}, {'type': 'paragraph', 'content': 'Commands to help detect such files might include searching the upload directory for files containing <script> tags or JavaScript code patterns. For example, using grep on the server:'}, {'type': 'list_item', 'content': 'grep -r --include="*" "<script" /path/to/upload/directory'}, {'type': 'list_item', 'content': 'grep -r --include="*" "javascript:" /path/to/upload/directory'}, {'type': 'paragraph', 'content': 'Additionally, monitoring web server logs for POST requests to admin/tools.php with file uploads can help identify attempts to exploit this vulnerability.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting file uploads to the admin/tools.php script until a proper fix is applied.
Implement strict validation and sanitization of uploaded files to ensure that no executable scripts or JavaScript code can be uploaded.
Limit access to the admin/tools.php page to trusted users only, and consider applying additional authentication or authorization controls.
Regularly review and remove any suspicious or unauthorized uploaded files from the server.