CVE-2025-0602

A stored Cross-site Scripting XSS vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

The vulnerability of the dv_compare component in the Virtuoso-opensource web application development platform allows a attacker to trigger a service failure.

The vulnerability of the dvcompare component in the Virtuoso-opensource web application development platform is related to improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to trigger a service failure using specially created SQL...

The vulnerability of the secure_compare() function in the Mojolicious module allows a hacker to obtain the length of the secret string.

The vulnerability of the securecompare function in the Mojolicious module relates to manipulating an unknown input, which leads to a timing mismatch vulnerability. Exploiting this vulnerability could allow a remote attacker to obtain the length of the secret string...

CVE-2022-28820

ACS Commons version 5.1.x and earlier suffers from a Reflected Cross-site Scripting XSS vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to...