
10 matches found

Wired Threat Level
added 2026/02/20 6:27 p.m. · 7 views

Metadata Exposes Authors of ICE’s ‘Mega’ Detention Center Plans

Comments and other data left on a PDF detailing Homeland Security’s proposal to build “mega” detention and processing centers reveal the personnel involved in its creation...

5.5 AI score
Exploits: 0

Github Security Blog
added 2025/10/13 9:31 p.m. · 4 views

Liferay Mentions Web is Vulnerable to Cross-site Scripting

Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...

5.4 CVSS · 5.7 AI score · 0.00031 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2025/10/13 9:15 p.m. · 4 views

CVE-2025-62246

Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...

5.4 CVSS · 0.00031 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/10/13 8:21 p.m. · 1 views

CVE-2025-62246

Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...

4.8 CVSS · 5.3 AI score · 0.00031 EPSS
Exploits: 0 · References: 1

CVE
added 2025/10/13 8:21 p.m. · 6 views

CVE-2025-62246

CVE-2025-62246 is a stored XSS in Liferay Portal 7.4.x and Liferay DXP (older and unsupported versions) due to improper sanitization of name fields in com.liferay.mentions.web; exploited when a crafted first/middle/last name is rendered in widgets/apps such as page comments, blog comments, docs/...

5.4 CVSS · 5.3 AI score · 0.00031 EPSS
Exploits: 0 · References: 1 · Affected Software: 2

RedhatCVE
added 2025/05/23 5:13 a.m. · 2 views

CVE-2023-41703

User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avo...

6.1 CVSS · 7 AI score · 0.00711 EPSS
Exploits: 0 · References: 1

Prion
added 2024/02/12 9:15 a.m. · 9 views

Code injection

User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avo...

5.8 CVSS · 7.3 AI score · 0.00711 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/02/12 12:0 a.m. · 1 views

PT-2024-12961 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX (affected versions not specified). Description: The issue arises from the improper sanitization of User ID references at mentions in document comments, allowing script code to be injected into a user's session when working with a...

6.1 CVSS · 7 AI score · 0.00711 EPSS
Exploits: 0 · References: 8

CNNVD
added 2024/01/13 12:0 a.m. · 3 views

OpenKM Cross-Site Scripting Vulnerability

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, file history and file sharing. A cross-site scripting vulnerability exists in OpenKM version 7.1.40, which originates from a cross-site scripting attack that allows authenticated users ...

5.4 CVSS · 5.9 AI score · 0.03697 EPSS
Exploits: 2 · References: 2

Huntr
added 2023/06/25 9:28 p.m. · 8 views

DoS via Document Comments

Description: An attacker can abuse the document comment functionality, handled by the /api/comments.create API endpoint, since there is no size check or validation of the comment contents, which allows an attacker to send a comment with almost an unlimited number of characters (1MB max POST size...

6.7 AI score
Exploits: 0