Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Business and Enterprise Solutions

Business and Enterprise Solutions

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    30 Sep 2025 Business and Enterprise Solutions
    Liferay: Insufficient Session Expiration via SLO API

    In Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 a medium severity vulnerability CVE-2025-43819 was detected. This vulnerability allows unauthenticated users to reuse old user sessions through the SLO API. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.132 or later, and Liferay DXP 2025.Q1.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43819.

    Read more
    CMS
    29 Sep 2025 Business and Enterprise Solutions
    Liferay: Open Redirects in System, Instance, and Site Settings

    In Liferay Portal versions 7.1.0 through 7.4.3.101 and Liferay DXP versions 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 a low severity vulnerability CVE-2025-43795 was detected. The issue is an open redirect affecting multiple settings pages (System, Instance and Site Settings) where an attacker could redirect users to arbitrary external URLs via the respective _redirect parameters in those portlets. To address this vulnerability, users should upgrade to Liferay Portal 7.4.3.102, Liferay DXP 2024.Q1.1, Liferay DXP 2023.Q4.0, Liferay DXP 2023.Q3.5, Liferay DXP 7.3 U36 and later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43795.

    Read more
    CMS
    22 Sep 2025 Business and Enterprise Solutions
    Liferay: License Registration CSRF Vulnerability

    In Liferay Portal versions 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, and older unsupported versions a medium severity vulnerability CVE-2025-43809 was detected. This vulnerability allows remote attackers to register a server license via the ‘orderUuid’ parameter. To fix this issue, users should upgrade to Liferay Portal 7.4.3.112, Liferay DXP 2024.Q1.1, 2023.Q4.8, or 2023.Q3.9. For more information, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43809.

    Read more
    CMS
    22 Sep 2025 Business and Enterprise Solutions
    Liferay: Commerce Component Virtual Product Exposure

    In Liferay Portal versions 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 a medium severity vulnerability CVE-2025-43808 was detected. The Commerce component saves virtual products uploaded to Documents and Media with guest view permission, which allows remote attackers to access and download virtual products for free via a crafted URL. To fix this issue, users should upgrade to Liferay Portal 7.4.3.120, Liferay DXP 2024.Q2.0, 2024.Q1.1, or 2023.Q4.7. For more information, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43808.

    Read more
    CMS
    22 Sep 2025 Business and Enterprise Solutions
    Liferay: Contacts Center Widget IDOR Vulnerability

    In Liferay Portal 7.4.0 through 7.4.3.119 and Liferay DXP 2023.Q3–Q4 versions a medium severity vulnerability CVE-2025-43803 was found. It allows attackers to see contact names and email addresses through the _com_liferay_contacts_web_portlet_ContactsCenterPortlet_entryId parameter. To fix this, upgrade to Liferay Portal 7.4.3.120 or Liferay DXP 2024.Q2.0, 2024.Q1.1, or 2023.Q4.7. For details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43803.

    Read more
    CMS
    19 Sep 2025 Business and Enterprise Solutions
    Liferay: Remote DoS Vulnerability

    In Liferay Portal versions 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35 a medium severity vulnerability CVE-2025-43801 was detected. This vulnerability allows remote attackers to perform denial-of-service (DoS) attacks through a crafted XML-RPC request. To fix this problem, users should upgrade to version 7.4.3.112, 2024.Q1.1, 2023.Q4.0, 2023.Q3.5, or 7.3 U36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43801.

    Read more
    CMS
    19 Sep 2025 Business and Enterprise Solutions
    Liferay: Objects Rich Text Field XSS Vulnerability

    In Liferay Portal versions 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43800 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML by exploiting a crafted payload in an object with a rich text type field. To fix this problem, users should upgrade to version 7.4.3.112, 2024.Q1.1, 2023.Q4.1, or 2023.Q3.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43800.

    Read more
    CMS
    19 Sep 2025 Business and Enterprise Solutions
    Liferay: Custom Object API Stored XSS

    In Liferay Portal versions 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35 a medium severity vulnerability CVE-2025-43802 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the externalReferenceCode parameter in a custom object’s /o/c/<object-name> API endpoint. To fix this problem, users should upgrade to version 7.4.3.110, 2024.Q1.1, 2023.Q4.1, 2023.Q3.5, or 7.3 Update 36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43802.

    Read more
    CMS
    18 Sep 2025 Business and Enterprise Solutions
    Liferay: XSS Vulnerability in Liferay Portal Search Widget

    In Liferay Portal versions 7.4.3.93 through 7.4.3.111, and Liferay DXP versions 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 a high severity vulnerability CVE-2025-43804 was detected. This vulnerability allows attackers to inject arbitrary web script or HTML via the _com_liferay_portal_search_web_portlet_SearchPortlet_userId parameter. To fix this problem, users should upgrade to Liferay Portal 7.4.3.112, Liferay DXP 2024.Q1.1, Liferay DXP 2023.Q4.0, or Liferay DXP 2023.Q3.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43804.

    Read more
    CMS
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}