Security Advisory

CVE-2015-20118

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-15 18:34:16

Last updated 2026-05-24 01:36:08

Assigner VulnCheck

State PUBLISHED

Description

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the location_name parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the location_name field to execute arbitrary code in administrator browsers.

← Browse all CVEs View on cve.org ↗