CVE-2015-20116 in RealtyScriptthông tin

Tóm tắt

Bởi MITRE • 16/03/2026

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users' browsers when the file is processed or displayed.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

VulnCheck

Đặt trước

15/03/2026

Tiết lộ

16/03/2026

Kiểm duyệt

được chấp nhận

mục

VDB-351162

CPE

sẵn sàng

CWE

CWE-79 (Đã xác nhận)

Khai thác

Tải xuống

CVSS

6.1 (NVD)

EPSS

0.00051

KEV

không

Các hoạt động

rất thấp

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-20116
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-20116
CVE Details	https://www.cvedetails.com/cve/CVE-2015-20116/

◂ Trước Tổng Quan Tiếp theo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!