Latest CVE Vulnerabilities

9.8 CRITICAL

CVE-2015-20120 — RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into…

realtyscript | Remote | Injection

Mar 16, 2026 Mar 19, 2026

Mar 16, 2026

Mar 19, 2026

6.4 MEDIUM

CVE-2015-20119 — RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter…

realtyscript | Remote | Cross-Site Scripting

Mar 16, 2026 Mar 19, 2026

Mar 16, 2026

Mar 19, 2026

7.2 HIGH

CVE-2015-20118 — RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the location_name parameter of the admin locations interface. Attackers can submit POST requests to the …

realtyscript | Remote | Cross-Site Scripting

Mar 16, 2026 Mar 19, 2026

Mar 16, 2026

Mar 19, 2026

8.8 HIGH

CVE-2015-20117 — RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation

Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by craft…

realtyscript | Remote | Cross-Site Request Forgery

Mar 16, 2026 Mar 19, 2026

Mar 16, 2026

Mar 19, 2026

6.1 MEDIUM

CVE-2015-20116 — RealtyScript 4.0.2 Stored Cross-Site Scripting via CSV File Upload Filename

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can up…

realtyscript | Remote | Cross-Site Scripting

Mar 16, 2026 Mar 19, 2026

Mar 16, 2026

Mar 19, 2026

7.2 HIGH

CVE-2015-20115 — RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload …

realtyscript | Remote | Cross-Site Scripting

Mar 16, 2026 Mar 19, 2026

Mar 16, 2026

Mar 19, 2026

6.1 MEDIUM

CVE-2015-20114 — RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple para…

realtyscript | Remote | Cross-Site Scripting

Mar 16, 2026 Mar 19, 2026

Mar 16, 2026

Mar 19, 2026

6.9 MEDIUM

CVE-2015-20113 — RealtyScript 4.0.2 Multiple Cross-Site Request Forgery and Persistent Cross-Site Scriptin…

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malici…

realtyscript | Remote | Cross-Site Request Forgery

Mar 16, 2026 Mar 19, 2026

Mar 16, 2026

Mar 19, 2026

8.7 HIGH

CVE-2013-20006 — Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users…

Remote | Cross-Site Scripting

Mar 16, 2026 Mar 16, 2026

Mar 16, 2026

6.9 MEDIUM

CVE-2013-20005 — Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers c…

Remote | Cross-Site Request Forgery

Mar 16, 2026 Mar 16, 2026

Mar 16, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences