Description
Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application.
Published: 2026-03-15
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross-site scripting
Action: Apply Patch
AI Analysis

Impact

Key detail from the vulnerability description: "Next Click Ventures RealtyScript 4.0.2 contains a cross‑site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized." The flaw permits injection of arbitrary script into the web page rendering context of a victim’s browser, creating a client‑side code execution vulnerability that maps to CWE‑79.

Affected Systems

Key detail from the vendor’s product list: Next Click Ventures RealtyScript 4.0.2 is the affected product. The CPE string cpe:2.3:a:nextclickventures:realtyscript:4.0.2:*:*:*:*:*:*:* identifies the exact affected version. No other versions are listed as vulnerable.

Risk and Exploitability

Key detail from CVSS scoring: 5.1 indicates a moderate severity impact. Key detail from EPSS scoring: <1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector appears to be remote via crafted HTTP requests to the application’s vulnerable parameters. Therefore the risk is moderate, with potential for client‑side code execution if an attacker can send malicious requests.

Generated by OpenCVE AI on March 19, 2026 at 16:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor patch or upgrade RealtyScript to a version higher than 4.0.2
  • Check Next Click Ventures website for updates or advisories
  • If no patch is available, implement robust input validation and sanitization for the affected parameters

Generated by OpenCVE AI on March 19, 2026 at 16:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Nextclickventures
Nextclickventures realtyscript
CPEs cpe:2.3:a:nextclickventures:realtyscript:4.0.2:*:*:*:*:*:*:*
Vendors & Products Nextclickventures
Nextclickventures realtyscript

Mon, 16 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Next Click Ventuers
Next Click Ventuers realtyscript
Vendors & Products Next Click Ventuers
Next Click Ventuers realtyscript

Sun, 15 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application.
Title RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Next Click Ventuers Realtyscript
Nextclickventures Realtyscript
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-16T14:20:18.259Z

Reserved: 2026-03-15T18:05:00.745Z

Link: CVE-2015-20114

cve-icon Vulnrichment

Updated: 2026-03-16T14:17:19.723Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:17:46.690

Modified: 2026-03-19T14:06:21.377

Link: CVE-2015-20114

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T14:01:32Z

Weaknesses