Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Business and Enterprise Solutions

Business and Enterprise Solutions

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    6 Oct 2025 Business and Enterprise Solutions
    Liferay: Script Injection in Related Asset Selector Author Fields

    In Liferay Portal versions 7.4.3.50 through 7.4.3.111 and Liferay DXP versions 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 Update 50 through Update 92 a medium severity vulnerability CVE-2025-43811 was detected. This stored cross-site scripting vulnerability in the related asset selector allows remote authenticated attackers to inject arbitrary web script or HTML via a crafted payload placed in an asset author’s First Name, Middle Name, or Last Name fields. To address this issue, users should upgrade Liferay Portal to version7.4.3.112 and Liferay DXP to versions 2024.Q1.1, 2023.Q4.5, 2023.Q3.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43811.

    Read more
    CMS
    3 Oct 2025 Business and Enterprise Solutions
    Liferay: Calendar Widget Script Injection via User Name Fields

    In Liferay Portal versions 7.4.3.35 through 7.4.3.110 and Liferay DXP versions 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 Update 35 through Update 92, and 7.3 Update 25 through Update 36 a medium severity vulnerability CVE-2025-43820 was detected. This issue affects the Calendar widget, where crafted payloads injected into a user’s First Name, Middle Name, or Last Name fields can allow attackers to insert arbitrary script or HTML when users are invited to an event. To address this vulnerability, users should upgrade Liferay Portal to versions 7.4.3.111 and Liferay DXP to versions 2024.Q1.1, 2023.Q4.5, 2023.Q3.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43820.

    Read more
    CMS
    3 Oct 2025 Business and Enterprise Solutions
    Liferay: Announcements and Alerts Redirect Parameter Vulnerability

    In Liferay Portal versions 7.4.3.74 through 7.4.3.111 and Liferay DXP versions 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 Update 74 through Update 92 a medium severity vulnerability CVE-2025-43817 was detected. This issue consists of multiple reflected script injection vulnerabilities, where remote attackers can inject arbitrary script or HTML through the redirect parameter in Announcements or Alerts. To address this vulnerability, users should upgrade Liferay Portal to version 7.4.3.112 and Liferay DXP to versions 2023.Q3.9, 2023.Q4.7, 2024.Q1.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43817.

    Read more
    CMS
    3 Oct 2025 Business and Enterprise Solutions
    Liferay: Path Traversal in ComboServlet Allows Unauthorized File Access

    In Liferay Portal versions 7.4.0 through 7.4.3.107, 7.3.0 through 7.3.7, and Liferay DXP versions 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through Update 92, 7.3 GA through Update 35, and older unsupported releases a medium severity vulnerability CVE-2025-43813 was detected. This path traversal and denial-of-service issue in the ComboServlet allows remote attackers to access arbitrary CSS and JavaScript files and to repeatedly load them via crafted query strings, potentially causing resource exhaustion. To address this vulnerability, users should upgrade Liferay Portal to versions 7.4.3.108 and Liferay DXP to versions 2024.Q1.1, 2023.Q4.5, 2023.Q3.9, 7.3 U36 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43813.

    Read more
    CMS
    3 Oct 2025 Business and Enterprise Solutions
    Liferay: Audit Logs Exposure of Password Reminder Answers

    In Liferay Portal versions 7.2.0 through 7.4.3.112 and Liferay DXP versions 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4, and older unsupported versions a medium severity vulnerability CVE-2025-43814 was detected. This issue occurs because audit events record a user’s password reminder answer, which can allow remote authenticated users to obtain this sensitive information through the audit logs. To address this vulnerability, users should upgrade Liferay Portal to version 7.4.3.113 and Liferay DXP to versions 2024.Q2.0, 2024.Q1.1, 2023.Q4.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43814.

    Read more
    CMS
    3 Oct 2025 Business and Enterprise Solutions
    Liferay: Cross-Site Scripting in Page Configuration Feature

    In Liferay Portal versions 7.4.3.102 through 7.4.3.110 and Liferay DXP versions 2023.Q4.0 through 2023.Q4.2 and 2023.Q3.5 a medium severity vulnerability CVE-2025-43815 was detected. This reflected cross-site scripting (XSS) vulnerability occurs on the page configuration page, where the com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURLTitle parameter can be exploited by remote attackers to inject arbitrary web script or HTML. To address this issue, users should upgrade Liferay Portal to version 7.4.3.111 and Liferay DXP to versions 2024.Q1.1, 2023.Q4.3, 2023.Q3.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43815.

    Read more
    CMS
    2 Oct 2025 Business and Enterprise Solutions
    Liferay: Audit Event Exposure Across Virtual Instances

    In Liferay Portal versions 7.2.0 through 7.4.3.117 and Liferay DXP versions 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4, 7.3, and older unsupported versions a medium severity vulnerability CVE-2025-43827 was detected. This insecure direct object reference vulnerability allows an authenticated user from one virtual instance to view audit events from a different virtual instance via the _com_liferay_portal_security_audit_web_portlet_AuditPortlet_auditEventId parameter. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.118 and Liferay DXP to versions 2024.Q1.6, 2024.Q2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43827.

    Read more
    CMS
    2 Oct 2025 Business and Enterprise Solutions
    Liferay: Web Content Translation Vulnerability in Rich Text Fields

    In Liferay Portal versions 7.2.0 through 7.4.3.112 and Liferay DXP versions 2024.Q1.1 through 2024.Q1.2, 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4, and older unsupported releases a medium severity vulnerability CVE-2025-43826 was detected. This stored cross-site scripting issue allows remote attackers to inject arbitrary script or HTML via rich text fields in Web Content translation. To address this vulnerability, users should upgrade Liferay Portal to version 7.4.3.113 and Liferay DXP to versions 2024.Q2.0, 2024.Q1.3, 2023.Q4.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43826.

    Read more
    CMS
    30 Sep 2025 Business and Enterprise Solutions
    Liferay: Memory Leak in StructuredContents API Leading to Denial of Service

    In Liferay Portal versions 7.4.0 through 7.4.3.119, and Liferay DXP versions 2023.Q3.1 through 2023.Q3.10, 2023.Q4.0 through 2024.Q4.10, and 2024.Q1.1 through 2024.Q1.5 (including 7.4 GA through update 92 and older unsupported releases) a medium severity vulnerability CVE-2025-43816 was detected. This memory leak in the StructuredContents headless API could allow an attacker to repeatedly call the endpoint and exhaust server memory, leading to denial of service. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.120 or later, and Liferay DXP 2024.Q1.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43816.

    Read more
    CMS
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}