8.8

CVE-2024-32642

Exploit

EPSS 0.03%
Veröffentlicht 03.12.2025 16:37:53
Zuletzt bearbeitet 05.12.2025 15:36:02
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Masacms ≫ Masacms Version < 7.2.8

Masacms ≫ Masacms Version >= 7.3 < 7.3.13

Masacms ≫ Masacms Version >= 7.4.0 < 7.4.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.093

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-qjm6-c8hx-ffh8

Vendor Advisory

Exploit

https://github.com/MasaCMS/MasaCMS/commit/7541b9c99fb9e32d1de6f2658750525cec1d8960

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-32642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-32642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-32642

EUVD