CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2016-20024 - ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation

CVE ID: CVE-2016-20024
Published: March 15, 2026, 1:35 p.m.
Description: ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2016-20025 - ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions

CVE ID: CVE-2016-20025
Published: March 15, 2026, 1:35 p.m.
Description: ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.
Severity: 8.8 | HIGH
CVE-2016-20026 - ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote Code Execution

CVE ID: CVE-2016-20026
Published: March 15, 2026, 1:35 p.m.
Description: ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with the hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP applications and execute arbitrary code with SYSTEM privileges.
Severity: 9.8 | CRITICAL
CVE-2016-20027 - ZKTeco ZKBioSecurity 3.0 Multiple Reflected XSS Vulnerabilities

CVE ID: CVE-2016-20027
Published: March 15, 2026, 1:35 p.m.
Description: ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in vulnerable parameters to execute scripts in a user's browser session within the context of the affected application.
Severity: 6.1 | MEDIUM
CVE-2016-20028 - ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Superadmin

CVE ID: CVE-2016-20028
Published: March 15, 2026, 1:35 p.m.
Description: ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling unauthorized administrative access when authenticated users visit attacker-controlled pages.
Severity: 5.3 | MEDIUM
CVE-2016-20029 - ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

CVE ID: CVE-2016-20029
Published: March 15, 2026, 1:35 p.m.
Description: ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information, including configuration files, source code, and protected application resources.
Severity: 6.9 | MEDIUM
CVE-2016-20030 - ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction

CVE ID: CVE-2016-20030
Published: March 15, 2026, 1:35 p.m.
Description: ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to enumerate valid user accounts based on application responses.
Severity: 9.8 | CRITICAL
CVE-2016-20031 - ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp

CVE ID: CVE-2016-20031
Published: March 15, 2026, 1:35 p.m.
Description: ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. The EnvironmentUtil.getClientIp() method treats the IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1, and the page then authenticates using that IP as the username with the hardcoded password 123456, letting attackers access sensitive information and perform unauthorized actions.
Severity: 6.8 | MEDIUM
CVE-2016-20032 - ZKTeco ZKAccess Security System 5.3.1 Stored XSS

CVE ID: CVE-2016-20032
Published: March 15, 2026, 1:35 p.m.
Description: ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information.
Severity: 7.2 | HIGH
CVE-2026-28520 - arduino-TuyaOpen WiFiMulti Single-Byte Buffer Overflow Remote Code Execution

CVE ID: CVE-2026-28520
Published: March 15, 2026, 1:35 p.m.
Description: arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device.
Severity: 8.6 | HIGH
CVE-2026-28521 - arduino-TuyaOpen TuyaIoT Out-of-Bounds Memory Read Information Disclosure

CVE ID: CVE-2026-28521
Published: March 15, 2026, 1:35 p.m.
Description: arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result in information disclosure or a denial-of-service condition.
Severity: 7.7 | HIGH
CVE-2026-28519 - arduino-TuyaOpen DnsServer Heap-Based Buffer Overflow Remote Code Execution

CVE ID: CVE-2026-28519
Published: March 15, 2026, 1:36 p.m.
Description: arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices.
Severity: 8.8 | HIGH
CVE-2026-28522 - arduino-TuyaOpen WiFiUDP Null Pointer Dereference Denial of Service

CVE ID: CVE-2026-28522
Published: March 15, 2026, 1:36 p.m.
Description: arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulting in a denial-of-service condition.
Severity: 7.1 | HIGH
CVE-2026-4181 - D-Link DIR-816 goahead form2RepeaterStep2.cgi stack-based overflow

CVE ID: CVE-2026-4181
Published: March 15, 2026, 4:02 p.m.
Description: A security flaw has been discovered in D-Link DIR-816 1.10CNB05. It affects an unknown function in the file /goform/form2RepeaterStep2.cgi of the goahead component. Manipulation of the key1, key2, key3, key4 or pskValue argument results in a stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 0.0 | NA
CVE-2026-4182 - D-Link DIR-816 goahead form2Wl5RepeaterStep2.cgi stack-based overflow

CVE ID: CVE-2026-4182
Published: March 15, 2026, 4:02 p.m.
Description: A weakness has been identified in D-Link DIR-816 1.10CNB05. It affects an unknown function in the file /goform/form2Wl5RepeaterStep2.cgi of the goahead component. Manipulation of the key1, key2, key3, key4 or pskValue argument causes a stack-based buffer overflow. Remote exploitation is possible. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 0.0 | NA
CVE-2026-4183 - D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow

CVE ID: CVE-2026-4183
Published: March 15, 2026, 4:32 p.m.
Description: A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. It affects an unknown function in the file /goform/form2WlanBasicSetup.cgi of the goahead component. Manipulation of the pskValue argument leads to a stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 0.0 | NA
CVE-2026-4184 - D-Link DIR-816 goahead form2Wl5BasicSetup.cgi stack-based overflow

CVE ID: CVE-2026-4184
Published: March 15, 2026, 5:32 p.m.
Description: A vulnerability was detected in D-Link DIR-816 1.10CNB05. It affects an unknown function in the file /goform/form2Wl5BasicSetup.cgi of the goahead component. Manipulation of the pskValue argument results in a stack-based buffer overflow. The attack can be carried out remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 0.0 | NA
CVE-2013-20006 - Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities

CVE ID: CVE-2013-20006
Published: March 15, 2026, 6:34 p.m.
Description: Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email', 'username', 'link', and 'task' in endpoints such as addnewtype, addnewdatafield, addmenu, addusergroup, addnewuserfield, adduser, addgeneraldata, and addcontentitem to execute arbitrary scripts in administrator browsers.
Severity: 8.7 | HIGH
CVE-2015-20113 - RealtyScript 4.0.2 Multiple Cross-Site Request Forgery and Persistent Cross-Site Scripting Vulnerabilities

CVE ID: CVE-2015-20113
Published: March 15, 2026, 6:34 p.m.
Description: Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web pages that execute unauthorized actions when logged-in users visit them, or inject persistent scripts that execute in the application context.
Severity: 6.9 | MEDIUM
CVE-2015-20114 - RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters

CVE ID: CVE-2015-20114
Published: March 15, 2026, 6:34 p.m.
Description: Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application.
Severity: 6.1 | MEDIUM
CVE-2015-20115 - RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter

CVE ID: CVE-2015-20115
Published: March 15, 2026, 6:34 p.m.
Description: Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by other users.
Severity: 7.2 | HIGH