nextclickventures 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk sql injection, and vendor risk csrf があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact session compromise and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2015-20121 | Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'u_id' in /admin/users.php and the POST parameter 'agent[]' in /admin/mailer.php. Attackers can exploit time-based blind SQL injection techniques to extract sensitive database information or cause denial of service through sleep-based payloads. | [email protected] | 8.8 | 0.26% | 2026-03-16 | 2026-03-18 |
| CVE-2015-20120 | Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database contents character by character based on response timing differences. | [email protected] | 8.8 | 0.47% | 2026-03-16 | 2026-03-19 |
| CVE-2015-20119 | Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with crafted iframe payloads in the text parameter to store malicious content that executes in the browsers of users viewing the affected pages. | [email protected] | 5.1 | 0.03% | 2026-03-16 | 2026-03-19 |
| CVE-2015-20118 | Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the location_name parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the location_name field to execute arbitrary code in administrator browsers. | [email protected] | 5.1 | 0.04% | 2026-03-16 | 2026-03-19 |
| CVE-2015-20117 | Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and /admin/editadmins.php endpoints to register new users with arbitrary credentials and escalate privileges to SUPERUSER level. | [email protected] | 6.9 | 0.15% | 2026-03-16 | 2026-03-19 |
| CVE-2015-20116 | Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users' browsers when the file is processed or displayed. | [email protected] | 5.1 | 0.05% | 2026-03-16 | 2026-03-19 |
| CVE-2015-20115 | Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by other users. | [email protected] | 5.1 | 0.03% | 2026-03-16 | 2026-03-19 |
| CVE-2015-20114 | Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application. | [email protected] | 5.1 | 0.06% | 2026-03-16 | 2026-03-19 |
| CVE-2015-20113 | Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web pages that execute unauthorized actions when logged-in users visit them, or inject persistent scripts that execute in the application context. | [email protected] | 6.9 | 0.01% | 2026-03-16 | 2026-03-19 |