Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.
The product does not properly verify that the source of data or communication is valid.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Masacms | Masacms | * | 7.2.8 (excluding) |
| Masacms | Masacms | 7.3 (including) | 7.3.13 (excluding) |
| Masacms | Masacms | 7.4.0 (including) | 7.4.6 (excluding) |