📦 Masacms

CVE-2024-32641 is a critical remote code execution vulnerability in Masa CMS that allows unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability exists in the addPar...

This vulnerability allows attackers to bypass authentication in Masa CMS by exploiting a flaw in the Remember Me function. Attackers can gain unauthorized access to administrative panels and user acco...

This Cross-Site Scripting (XSS) vulnerability in Masa CMS allows attackers to inject malicious scripts via the ajax URL query parameter. When exploited, these scripts execute in users' browsers, poten...

Masa CMS versions before 7.2.8, 7.3.13, and 7.4.6 are vulnerable to host header poisoning, which allows attackers to hijack password reset emails and take over user accounts. This affects all Masa CMS...

Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 contain an authorization bypass vulnerability. By appending '/tag/' to page URLs, attackers can access restricted content without proper permissions...

MasaCMS 7.2.1 contains a path traversal vulnerability in the image asset API endpoint that allows attackers to read arbitrary files from the server filesystem. This affects all MasaCMS 7.2.1 installat...