CVE-2015-20119
Stored XSS in RealtyScript 4.0.2 Admin Pages Allows Malicious Injection
Publication date: 2026-03-16
Last updated on: 2026-03-19
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nextclickventures | realtyscript | 4.0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2015-20119 is a stored cross-site scripting (XSS) vulnerability found in RealtyScript version 4.0.2. It occurs in the pages.php admin interface through the "text" parameter.'}, {'type': 'paragraph', 'content': 'Authenticated attackers can exploit this vulnerability by sending crafted POST requests to the "add page" action, injecting malicious HTML and iframe elements into the "text" parameter.'}, {'type': 'paragraph', 'content': 'This malicious content is stored on the server and later executed in the browsers of users who view the affected pages, potentially allowing attackers to run arbitrary scripts in the context of the affected site.'}] [1]
How can this vulnerability impact me? :
This vulnerability allows attackers to inject and store malicious HTML and iframe content that executes in the browsers of users viewing the affected pages.
As a result, attackers could perform actions such as stealing user session cookies, redirecting users to malicious sites, or executing other malicious scripts within the context of the vulnerable application.
The CVSS v3.1 score of 6.4 indicates a moderate severity impact, with potential confidentiality and integrity loss but no direct impact on availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for crafted POST requests to the pages.php admin interface, specifically targeting the "add page" action with malicious payloads in the "text" parameter.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts, you can inspect web server logs or use network monitoring tools to look for POST requests containing suspicious HTML or iframe elements in the "text" parameter.'}, {'type': 'paragraph', 'content': 'Example command to search web server logs for suspicious POST requests (assuming Apache logs):'}, {'type': 'list_item', 'content': "grep -i 'POST /pages.php' /var/log/apache2/access.log | grep 'add page' | grep -E '<iframe|<script|<html'"}, {'type': 'paragraph', 'content': 'Additionally, you can use tools like curl to manually test the vulnerability by sending crafted POST requests with malicious payloads in the "text" parameter to see if the content is stored and executed.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include restricting access to the pages.php admin interface to trusted users only, as the vulnerability requires authenticated access.'}, {'type': 'paragraph', 'content': 'Implement input validation and sanitization on the "text" parameter to prevent injection of malicious HTML or iframe elements.'}, {'type': 'paragraph', 'content': 'If possible, apply any available patches or updates from the vendor that address this stored cross-site scripting vulnerability.'}, {'type': 'paragraph', 'content': 'As a temporary measure, monitor and block suspicious POST requests targeting the "add page" action with malicious payloads.'}] [1]