CVE-2024-32642

HIGH

Masacms < 7.2.8 - Origin Validation Error

Title source: rule

Description

Masa CMS is an open source Enterprise Content Management platform. Versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to host header poisoning, which allows account takeover via the password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.

Scores

CVSS v3 8.8
EPSS 0.0003
EPSS Percentile 9.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-346 CWE-640
Status published

Affected Products (1)

masacms/masacms < 7.2.8

Timeline

Published Dec 03, 2025
Tracked Since Feb 18, 2026