Next Click Ventures RealtyScript Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability has been identified in Next Click Ventures RealtyScript version 4.0.2. This vulnerability allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Exploitation of this vulnerability enables the execution of injected code in the context of the user's browser session within the affected application.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user's session on the affected site.

Reproduction

The vulnerability can be reproduced by injecting script payloads into various unsanitized parameters of the application. This can be done manually or through an automated script that targets the specific vulnerabilities in the application's input handling. Once the payload is injected, it will be executed in the context of the user's browser session.