CVE-2015-20114 - Vulnerability Details

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Next Click Ventuers Subscribe	Realtyscript Subscribe
Nextclickventures Subscribe	Realtyscript Subscribe

Configuration 1 [-]

cpe:2.3:a:nextclickventures:realtyscript:4.0.2:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Next Click Ventuers Subscribe	Realtyscript Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5269.php
https://www.exploit-db.com/exploits/38496
https://www.vulncheck.com/advisories/realtyscript-cross-site-scripting-via-multiple-parameters

History

Thu, 19 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nextclickventures Nextclickventures realtyscript
CPEs		cpe:2.3:a:nextclickventures:realtyscript:4.0.2:::::::*
Vendors & Products		Nextclickventures Nextclickventures realtyscript

Mon, 16 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Next Click Ventuers Next Click Ventuers realtyscript
Vendors & Products		Next Click Ventuers Next Click Ventuers realtyscript

Sun, 15 Mar 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application.
Title		RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters
Weaknesses		CWE-79
References		http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5269.php https://www.exploit-db.com/exploits/38496 https://www.vulncheck.com/advisories/realtyscript-cross-site-scripting-via-multiple-parameters
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-03-15T18:34:12.468Z

Updated: 2026-03-16T14:20:18.259Z

Reserved: 2026-03-15T18:05:00.745Z

Link: CVE-2015-20114

Vulnrichment

Updated: 2026-03-16T14:17:19.723Z

NVD

Status : Analyzed

Published: 2026-03-16T14:17:46.690

Modified: 2026-03-19T14:06:21.377

Link: CVE-2015-20114

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-16T09:21:21Z

Weaknesses

CWE-79

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object