CVE-2024-32642

Host header poisoning allows account takeover via password reset email

Description

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.

INFO

Published Date :

2025-12-03T16:37:53.409Z

Last Modified :

2025-12-03T16:50:44.007Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-32642 vulnerability.

Vendors	Products
Masacms	Masacms

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-32642.

URL	Resource
https://github.com/MasaCMS/MasaCMS/commit/7541b9c99fb9e32d1de6f2658750525cec1d8960
https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-qjm6-c8hx-ffh8

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact