CVE-2024-32642

HIGH

Masacms < 7.2.8 - Origin Validation Error

Title source: rule

Description

Masa CMS is an open source Enterprise Content Management platform. Versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to host header poisoning, which allows account takeover via the password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.

Scores

CVSS v3 8.8
EPSS 0.0003
EPSS Percentile 6.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-346 CWE-640
Status published
Products (1)
masacms/masacms < 7.2.8
Published Dec 03, 2025
Tracked Since Feb 18, 2026