MasaCMS — Vulnerabilities & Security Advisories (13)

Browse all 13 CVE security advisories affecting MasaCMS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MasaCMS serves as a content management system enabling website creation and management for businesses and developers. Historically, the platform has been susceptible to multiple remote code execution, cross-site scripting, and privilege escalation vulnerabilities, contributing to its 13 recorded CVEs. Security researchers have identified consistent weaknesses in input validation and access control mechanisms. While no major public security incidents have been widely documented, the accumulation of CVEs suggests ongoing security challenges requiring diligent patch management and secure configuration practices. Organizations implementing MasaCMS should prioritize regular security updates and conduct thorough vulnerability assessments to mitigate potential risks.

Top products by MasaCMS: MasaCMS
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40332 | Masa CMS open redirect via improper handling of scheme-relative URLs — MasaCMS | CWE-601 | - | - | 2026-05-06 |
| CVE-2026-40326 | Masa CMS CSRF in site bundle creation allows unauthorized site data export — MasaCMS | CWE-352 | - | - | 2026-05-06 |
| CVE-2026-40325 | Masa CMS CSRF in content restoration allows unauthorized restoration of deleted content — MasaCMS | CWE-352 | - | - | 2026-05-06 |
| CVE-2026-40309 | Masa CMS CSRF in trash management allows unauthorized permanent deletion of deleted content — MasaCMS | CWE-352 | - | - | 2026-05-06 |
| CVE-2026-40174 | Masa CMS CSRF in user address management allows unauthorized address changes — MasaCMS | CWE-352 | - | - | 2026-05-06 |
| CVE-2026-40331 | Masa CMS unauthenticated SQL injection via altTable parameter in JSON API — MasaCMS | CWE-89 | - | - | 2026-05-05 |
| CVE-2026-40330 | Masa CMS SQL injection via sortDirection parameter in beanFeed — MasaCMS | CWE-89 | - | - | 2026-05-05 |
| CVE-2026-40329 | SQL Injection vulnerability via sortBy in beanFeed — MasaCMS | CWE-89 | - | - | 2026-05-05 |
| CVE-2025-66492 | Masa CMS vulnerable to Cross-Site Scripting (XSS) through URL Parameter — MasaCMS | CWE-79 | 8.2 | High | 2025-12-12 |
| CVE-2024-32643 | Masa CMS vulnerable to authentication bypass with /tag/ — MasaCMS | CWE-863 | 7.5 | High | 2025-12-03 |
| CVE-2024-32642 | Host header poisoning allows account takeover via password reset email — MasaCMS | CWE-346 | 8.8 | High | 2025-12-03 |
| CVE-2024-32641 | Masa CMS Vulnerable to Pre-Auth RCE via JSON API — MasaCMS | CWE-94 | 9.8 | Critical | 2025-12-03 |
| CVE-2024-32640 | MasaCMS SQL Injection vulnerability — MasaCMS | CWE-89 | 9.8 | Critical | 2025-08-11 |

This page lists every published CVE security advisory associated with MasaCMS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.