All 5 CVE vulnerabilities found in MasaCMS, with AI-generated Chinese analysis, references, and POCs.
Vendor: MasaCMS
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66492 | Masa CMS vulnerable to Cross-Site Scripting (XSS) through URL Parameter CWE-79 | 8.2 | High | 2025-12-12 |
| CVE-2024-32643 | Masa CMS vulnerable to authentication bypass with /tag/ CWE-863 | 7.5 | High | 2025-12-03 |
| CVE-2024-32642 | Host header poisoning allows account takeover via password reset email CWE-346 | 8.8 | High | 2025-12-03 |
| CVE-2024-32641 | Masa CMS Vulnerable to Pre-Auth RCE via JSON API CWE-94 | 9.8 | Critical | 2025-12-03 |
| CVE-2024-32640 | MasaCMS SQL Injection vulnerability CWE-89 | 9.8 | Critical | 2025-08-11 |
All 5 known CVE vulnerabilities affecting MasaCMS with full Chinese analysis, references, and POCs where available.