CVE-2015-20118 is a stored XSS vulnerability (CVSS 7.2) in RealtyScript 4.0.2 affecting the admin locations interface via the location_name parameter; it is over 10 years old with no CISA KEV listing and a very low EPSS score. Risk is limited to organizations actively running this legacy version, which is likely end-of-life and unsupported. Inventory any remaining RealtyScript 4.0.2 deployments, restrict admin interface access to trusted networks, and plan immediate migration to a current supported platform rather than seeking a backport fix.