CVE-2024-32642

High CVSS: 8.8

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.

Vendor

Masacms

Product

Masacms

CWE

CWE-346

Yayın Tarihi

2025-12-03 17:15:48

Güncelleme

2025-12-05 15:36:02

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-346 Masacms HIGH Masacms 2025

Referanslar

https://github.com/MasaCMS/MasaCMS/commit/7541b9c99fb9e32d1de6f2658750525cec1d8960 https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-qjm6-c8hx-ffh8

Benzer Kayıtlar

High

CVE-2025-66492

Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0…

Critical

CVE-2024-32641

Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 a…

High

CVE-2024-32643

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the…