CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

205 matches found

RedhatCVE•added 2026/01/09 9:55 a.m.•4 views

CVE-2020-12058

Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/orderstatus.php, catalog/admin/taxrates.php, catalog/admin/languages.php,...

6.1CVSS6.7AI score0.0045EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:29 a.m.•6 views

CVE-2023-50307

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

5.4CVSS6.1AI score0.00135EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:4 a.m.•3 views

CVE-2024-41785

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

6.1CVSS6.4AI score0.00317EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:17 a.m.•8 views

CVE-2025-1983

A cross-site scripting XSS vulnerability in Ready's File Explorer upload functionality allows injection of arbitrary JavaScript code in filename. Injected content is stored on server and is executed every time a user interacts with the uploaded file...

5.1CVSS5.8AI score0.0055EPSS

Exploits0References1

Cvelist•added 2025/11/27 11:46 a.m.•7 views

CVE-2025-59302 Apache CloudStack: Potential remote code execution on Javascript engine defined rules

In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...

0.00078EPSS

Exploits0References1

Metasploit•added 2025/11/22 6:57 p.m.•455 views

Flowise JS Injection RCE

This module exploits a remote code execution vulnerability in Flowise versions = 2.2.7-patch.1 and = 3.0.1, authentication via FLOWISEEMAIL and FLOWISEPASSWORD is required due to JWT token verification. Module Options msf use exploit/multi/http/flowisejsrce msf exploitflowisejsrce show targets...

10CVSS6.4AI score0.86202EPSS

Exploits20