Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter.

SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page parameter.