CNNVD-202512-2396 Information
CNNVD ID
CNNVD-202512-2396
Related CVE
- CNNVD Published: 2025-12-12
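Description (translated from Chinese)
Masa CMS is a digital experience platform. Masa CMS versions 7.2.8 and earlier, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8, and 7.5.0 through 7.5.1 contain a cross-site scripting vulnerability. The vulnerability arises because the ajax URL query parameter is included directly in the head section of the HTML page without sanitization, which may lead to cross-site scripting attacks.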
Description (English)
Masa CMS is a digital experience platform. Masa CMS versions 7.2.8 and earlier, 7.3.1 to 7.3.13, 7.4.0-alpha.1 to 7.4.8, and 7.5.0 to 7.5.1 have a cross-site scripting (XSS) vulnerability. It stems from the ajax URL query parameter being included directly in the head section of the HTML page without sanitization, which may lead to cross-site scripting attacks.
Hazard Level
Medium
Vulnerability Type
Cross-site scripting
Published
2025-12-12
Last Modified
2026-02-24
References
https://github.com/MasaCMS/MasaCMS/commit/376c27196b1e2489888b7a000cdf5c45bb85959e
https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-249c-vqwv-43vc
Patch
https://github.com/MasaCMS/MasaCMS/releases