CNNVD-202512-383 Information

CNNVD ID

CNNVD-202512-383

Related CVE

CVE-2024-32643

• CNNVD Published: 2025-12-03

Description (Chinese)

Masa CMS是一个数字体验平台。 Masa CMS 7.2.8之前版本、7.3.13之前版本和7.4.6之前版本存在安全漏洞，该漏洞源于修改页面URL包含tag声明时绕过组限制，可能导致未经授权的页面渲染。

Description (English)

Masa CMS is a digital experience platform. There is a security loophole in the previous version of Masa CMS 7.2.8, the previous version of 7.3.13 and the previous version of 7.4.6, which stems from the fact that the change of the URL to the page containing the Tag statement bypasses the group limit and may result in unauthorized page rendering.

Hazard Level

Medium

Vulnerability Type

其他

Published

2025-12-03

Last Modified

2026-02-24

References

https://github.com/MasaCMS/MasaCMS/commit/d1a2e57ef8dbc50c87b178eacc85fcccb05f5b6c https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-f469-jh82-97fv https://access.redhat.com/security/cve/cve-2024-32643

Patch

https://github.com/MasaCMS/MasaCMS/releases