nGenuity

Get a Security Assessment

ExpressionEngine Persistent Cross-Site Scripting

ExpressionEngine is a flexible, feature-rich content management system that empowers thousands of individuals, organizations, and companies around the world to easily manage their website.” ExpressionEngine (1.6.4 (possibly earlier)-1.6.6) are vulnerable to persistent cross-site scripting.

Open-Realty SQL Injection

Open-Realty® is an open source web based real estate listing management application. It is intended to be both easy to setup and use. Written in PHP, Open-Realty® is designed to be a fast and flexible tool for your real estate website” A Blind SQL Injection vulnerability exists within Open-Realty that is exploitable by a user with admin or agent privileges.