CVE-2015-20113

Medium | 6.9
No known public exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability lets an attacker perform administrative actions in RealtyScript and inject scripts into the application. Exploitation requires either luring a logged-in user to a malicious web page (the cross-site request forgery) or storing a script in the application so that it runs in the browsers of later visitors (the persistent cross-site scripting).

Technical Description

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery (CSRF) and persistent cross-site scripting (XSS) vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. An attacker can craft a web page that causes a logged-in user's browser to submit state-changing requests when the user visits it, or can store a script in the application that later executes in the application's origin for other users.
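The two controls whose absence the description implies, written here as an added illustration in Python; this is not RealtyScript's own (PHP) code and nothing in it comes from the vendor. It shows a session-bound synchronizer token plus an Origin check rejecting a forged cross-site POST, and HTML output encoding at render time turning a persisted script into inert text. The endpoint name, hostnames (`realty.example`, `attacker.example`) and the request shape are assumptions made for the example.

```python
import hmac
import html
import secrets

# Constructed in-memory stand-ins for the app's session store and a persisted
# listing field (assumption: not RealtyScript's real storage or endpoint names).
SESSIONS = {}   # session id -> session data
LISTINGS = []   # stored, attacker-influenced listing descriptions

SITE_ORIGIN = "https://realty.example"   # assumed site origin for the Origin check


def new_session(user, role):
    """Create a logged-in session and bind a fresh CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "role": role, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_ok(session, request):
    """Synchronizer-token check: the token sent in the form body must equal the
    one bound to the session. A cross-site page cannot read it, so it cannot
    forge it. Compare in constant time."""
    sent = request.get("form", {}).get("csrf_token", "")
    return hmac.compare_digest(sent, session["csrf"])


def origin_ok(request):
    """Defence in depth for state-changing requests: require an Origin header
    that matches the site. A form auto-submitted from an attacker's page
    carries the attacker's origin instead."""
    return request.get("headers", {}).get("Origin") == SITE_ORIGIN


def handle_admin_action(sid, request):
    """A state-changing admin endpoint (e.g. save a listing description).
    Returns a status string so the outcome can be checked."""
    session = SESSIONS.get(sid)
    if session is None or session["role"] != "admin":
        return "403 not admin"
    if not origin_ok(request) or not csrf_ok(session, request):
        return "403 csrf"
    LISTINGS.append(request["form"]["description"])
    return "200 saved"


def render_listing(index):
    """Encode stored data at render time so a persisted script is shown as text,
    not executed. Quote escaping also covers attribute contexts."""
    return '<p class="desc">%s</p>' % html.escape(LISTINGS[index], quote=True)


def demo():
    """Run the forged request, the genuine request, and render the stored value."""
    LISTINGS.clear()
    admin = new_session("admin", "admin")
    token = SESSIONS[admin]["csrf"]
    payload = "<script>alert(1)</script>"
    # 1) Forged cross-site POST: the victim's session cookie (sid) rides along
    #    automatically, but the attacker's page has no token and the wrong Origin.
    forged = {"headers": {"Origin": "https://attacker.example"},
              "form": {"description": payload}}
    # 2) Genuine POST from the admin UI: correct Origin and session-bound token.
    genuine = {"headers": {"Origin": SITE_ORIGIN},
               "form": {"csrf_token": token, "description": payload}}
    return (handle_admin_action(admin, forged),
            handle_admin_action(admin, genuine),
            render_listing(0))


if __name__ == "__main__":
    print(demo())
```

The forged request fails on both checks even though the victim's cookie was sent, which is the whole point of a token the browser does not attach automatically. The genuine request succeeds, but because the stored value is encoded on output rather than trusted on input, the payload renders as visible text instead of running in the admin's browser.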

CVSS Vector Analysis (CVSS 4.0 base metrics)

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: None
Vulnerable System Confidentiality: None
Vulnerable System Integrity: Low
Vulnerable System Availability: None
Subsequent System Confidentiality: Low
Subsequent System Integrity: Low
Subsequent System Availability: Low

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X


Est. Bounty: $1,000 ($500-$1K)
Vendor Response: Grade A, patched in 2 days

Quick Information

Published: Mar 16, 2026
Last Modified: Mar 19, 2026
Vendor: nextclickventures
Product: realtyscript

Related Vulnerabilities

CVE-2015-20121 (High)

This vulnerability allows attackers to manipulate database queries and potentially access sensitive information by injecting SQL through specific web form inputs, without logging in. An attacker only needs to send specially crafted requests to the affected URLs, so it is relatively easy to exploit.

CVE-2015-20120 (High)

This vulnerability allows attackers to extract sensitive information from the RealtyScript database by sending specially crafted requests, without logging in. The data is not returned directly: the attacker measures how long the server takes to respond and recovers the data one piece at a time (a time-based blind SQL injection).

CVE-2015-20119 (Medium)

This vulnerability allows an attacker with a valid account to inject HTML and iframe markup into the RealtyScript admin interface, which then renders in the browsers of users who visit the affected pages. The attacker must submit a specially crafted request while logged in; the injected content is stored and displayed to other users.

CVE-2015-20118 (Medium)

This vulnerability allows an attacker to run JavaScript in the browsers of administrators by submitting specially crafted data through the admin locations interface. The attacker needs access to the locations.php endpoint and places the script in the location_name field.

CVE-2015-20117 (Medium)

This vulnerability allows attackers to create unauthorized user accounts, including administrative ones, by tricking a logged-in user into submitting a malicious form. The attacker needs no account of their own: the crafted request to the system's user management endpoints is sent by the victim's browser, carrying the victim's session.