Next Click Ventures RealtyScript Cross-Site Scripting Vulnerability via File Upload

Vulnerability

A stored cross-site scripting vulnerability has been identified in Next Click Ventures RealtyScript version 4.0.2. The issue arises from improper sanitization of file uploads, allowing attackers to inject malicious JavaScript into the file POST parameter of admin/tools.php. When these files are accessed by other users, the injected scripts execute in the context of the admin/tools.php page.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where uploaded files containing malicious scripts are executed when the affected page is accessed by other users.

Reproduction

To reproduce this vulnerability, upload a file through the file POST parameter in admin/tools.php. The file should contain JavaScript code, such as a script tag with an alert function. Once uploaded, the JavaScript will execute when the file is accessed by other users.
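The following is an added example of how an upload handler can close this class of bug; it is not RealtyScript's code or the vendor's fix. The function names, the image-only allow-list and the sample values are assumptions made for illustration. It validates the upload, stores it under a server-chosen name, escapes the client-supplied name before display, and serves the file with headers that stop a browser from rendering it as a page.

```php
<?php
// Added example: hypothetical helpers, not RealtyScript's own code.
// Assumed allow-list of extension => MIME type; adjust to what the tool really needs.
const ALLOWED_TYPES = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

/** Return a server-chosen storage name for an upload, or null to reject it. */
function accept_upload(string $clientName, string $tmpPath): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return null; // html, svg, js, php and anything else not listed is refused
    }
    // Check the bytes on disk, not the Content-Type the browser sent.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return null;
    }
    // Never reuse the client's file name on disk or in a URL.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Headers for serving a stored upload so a browser will not render it as a page. */
function download_headers(string $storedName): array
{
    $ext = pathinfo($storedName, PATHINFO_EXTENSION);
    return [
        'Content-Type: ' . (ALLOWED_TYPES[$ext] ?? 'application/octet-stream'),
        'X-Content-Type-Options: nosniff',
        'Content-Disposition: attachment; filename="' . $storedName . '"',
        "Content-Security-Policy: default-src 'none'; sandbox",
    ];
}

/** Escape a client-supplied file name before echoing it into an HTML page. */
function display_name(string $clientName): string
{
    return htmlspecialchars($clientName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: a file holding a PNG signature, and a name carrying markup.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "\x89PNG\r\n\x1a\n");
var_dump(accept_upload('notes.html', $tmp));   // extension outside the allow-list
var_dump(accept_upload('photo.png', $tmp));    // allowed extension, content checked
echo display_name('<script>alert(1)</script>.png'), "\n";
print_r(download_headers('0123abcd.png'));     // constructed stored name
unlink($tmp);
```

A type check alone does not stop a valid image that also carries markup, which is why the serving headers and the output escaping are applied regardless of what validation passed.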

Added: Mar 16, 2026, 3:27 PM
Updated: Mar 16, 2026, 3:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 6.3
remediation: 0.0
relevance: 4.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.