What is the CVSS score of EUVD-2024-30444?

EUVD-2024-30444 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Masacms are affected by EUVD-2024-30444?

Masa CMS installations are vulnerable to account takeover through password reset email manipulation, affecting any organization using this platform for content management.. A patch is available.

Is there a public PoC exploit available for EUVD-2024-30444?

Yes, a public proof-of-concept exploit is available for EUVD-2024-30444. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2024-30444?

Within 24 hours: Identify all Masa CMS instances in your environment and document current versions. Within 7 days: Apply patches to upgrade to versions 7.2.8, 7.3.13, or 7.4.6 depending on your deployment track; prioritize production environments. Within 30 days: Conduct user access reviews to identify any unauthorized account activity since deployment, reset credentials for all administrative accounts, and audit password reset logs for suspicious patterns.

Masacms EUVD-2024-30444

| CVE-2024-32642 HIGH

Origin Validation Error (CWE-346)

2025-12-03 security-advisories@github.com

Information Disclosure Masacms

8.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.8 HIGH

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2024-30444

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

Patch released

Mar 15, 2026 - 16:14 nvd

Patch available

PoC Detected

Dec 05, 2025 - 15:36 vuln.today

Public exploit code

CVE Published

Dec 03, 2025 - 17:15 nvd

HIGH 8.8

DescriptionGitHub Advisory

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.

Analysis

Technical ContextAI

This vulnerability is classified as Origin Validation Error (CWE-346).

RemediationAI

A vendor patch is available. Apply it as soon as possible and verify the fix.

EUVD-2024-30444 vulnerability details – vuln.today

Back

Masacms EUVD-2024-30444

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code