Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Business and Enterprise Solutions

Business and Enterprise Solutions

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    24 Oct 2025 Business and Enterprise Solutions
    Liferay: OpenAPI Access Restriction Bypass Allows Unauthorized Retrieval of API Definitions

    In Liferay Portal versions 7.4.0 through 7.4.3.109, and Liferay DXP versions 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, and 7.3 GA through update 35 a medium severity vulnerability CVE-2025-62256 was detected. This vulnerability allows remote attackers to bypass OpenAPI access restrictions and retrieve the OpenAPI YAML file through a crafted URL, potentially exposing sensitive API structure and endpoint information. To address this issue, users should update to Liferay Portal 7.4.3.110, Liferay DXP 2024.Q1.1, 2023.Q4.6, 2023.Q3.8, or 7.3 update 36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62256.

    Read more
    CMS
    24 Oct 2025 Business and Enterprise Solutions
    Liferay: Self-XSS via Crafted Attachment Filename on Knowledge Base Article Edit Page

    In Liferay Portal versions 7.4.0 through 7.4.3.101 and Liferay DXP versions 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and older unsupported versions a low severity vulnerability CVE-2025-62255 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename on the Knowledge Base article edit page, potentially enabling self-XSS when the affected page is rendered in the victim’s browser. To address this issue, users should update to Liferay Portal 7.4.3.102, Liferay DXP 2023.Q3.6, or 7.3 update 35. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62255.

    Read more
    CMS
    24 Oct 2025 Business and Enterprise Solutions
    Liferay: Denial of Service via Unrestricted File Combination in ComboServlet

    In Liferay Portal versions 7.4.0 through 7.4.3.111 and Liferay DXP versions 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35 and older unsupported versions a medium severity vulnerability CVE-2025-62254 was detected. This vulnerability allows remote attackers to trigger a denial of service by sending crafted requests that cause the ComboServlet to combine an excessive number or size of files, leading to very large responses and resource exhaustion. To address this issue, users should update to Liferay Portal 7.4.3.112, Liferay DXP 2024.Q1.1, 2023.Q4.3, 2023.Q3.6, or 7.3 update 36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62254.

    Read more
    CMS
    24 Oct 2025 Business and Enterprise Solutions
    Liferay: Missing Authorization in Collection Provider Enables Unauthorized Blueprint Access

    In Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.19 a low severity vulnerability CVE-2025-62247 was detected. This vulnerability allows instance users to access and select unauthorized Blueprints through Collection Providers across instances, potentially exposing restricted configuration data. To address this issue, users should update to Liferay DXP 2025.Q3.0, 2025.Q2.10, 2025.Q1.17, or 2024.Q1.20. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62247.

    Read more
    CMS
    23 Oct 2025 Business and Enterprise Solutions
    Liferay: Stored XSS Vulnerability in Commerce Product Comparison Table

    In Liferay Portal versions 7.4.0 through 7.4.3.111, and Liferay DXP 7.4 GA through update 92, 2023.Q3.1 through 2023.Q3.8, and 2023.Q4.0 through 2023.Q4.5 a medium severity vulnerability CVE-2025-43821 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted payload in a Commerce Product’s Name text field. Users should update Liferay Portal to 7.4.3.112 and Liferay DXP to 2024.Q1.1, 2023.Q3.9, or 2023.Q4.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43821.

    Read more
    CMS
    23 Oct 2025 Business and Enterprise Solutions
    Liferay: Multiple XSS Vulnerabilities in Notifications Widget

    In Liferay Portal versions 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q3.1 through 2023.Q3.10 and 2023.Q4.0 through 2023.Q4.5 a medium severity vulnerability CVE-2025-43771 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted payloads in the Notifications widget, including user name fields, flagging “Other Reason” text field, or flagged content name. Users should update Liferay Portal to 7.4.3.112 and Liferay DXP to 2024.Q1.1 or 2023.Q4.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43771.

    Read more
    CMS
    23 Oct 2025 Business and Enterprise Solutions
    Liferay: Multiple XSS Vulnerabilities in Calendar Events

    In Liferay Portal versions 7.4.3.35 through 7.4.3.111, 7.4 update 35 through update 92, and 7.3 update 25 through update 36, and Liferay DXP 2023.Q3.1 through 2023.Q3.7 and 2023.Q4.0 through 2023.Q4.5 a medium severity vulnerability CVE-2025-62240 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted payloads in Calendar event fields, including a user’s First Name, Middle Name, or Last Name text fields. Users should update Liferay Portal to 7.4.3.112 and Liferay DXP to 2024.Q1.1, 2023.Q4.6, or 2023.Q3.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62240.

    Read more
    CMS
    23 Oct 2025 Business and Enterprise Solutions
    Liferay: Reflected XSS via DDMPortlet_definition Parameter

    In Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.19 a medium severity vulnerability CVE-2025-62248 was detected. This vulnerability allows a remote authenticated attacker to inject and execute JavaScript code via the _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_definition parameter, leading to code execution in the victim’s browser when visiting a crafted URL. To address this issue, users should update to Liferay DXP 2025.Q2.10, 2025.Q1.17, or 2024.Q1.20. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62248.

    Read more
    CMS
    22 Oct 2025 Business and Enterprise Solutions
    Liferay: Improper Authentication Allows Unauthenticated Cluster Messages to Be Treated as Trusted Data

    In Liferay Portal versions 7.4.0 through 7.4.3.132 and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 a medium severity vulnerability CVE-2025-62250 was detected. This vulnerability allows remote attackers to send unauthenticated cluster messages that are treated as trusted data, potentially compromising system integrity. To address this issue, users should upgrade to Liferay DXP versions 2024.Q1.1, 2023.Q4.1, 2023.Q3.5, 7.3 update 36, or the latest master branch of Liferay Portal. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-62250.

    Read more
    CMS
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}