Cross-site scripting (XSS) vulnerability in propview.php in Free Realty 2.9-0.6 and earlier allows remote attackers to execute arbitrary web script or HTML via the sort parameter.

SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.

SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php.

Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed."

Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed."

Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php.

SQL injection vulnerability in content.php in abarcar Realty Portal 5.1.5 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection.