Cross-Site Scripting Vulnerability in Masa CMS Versions

CVE-2025-66492

What is CVE-2025-66492?

Masa CMS, an open source Enterprise Content Management platform, is exposed to a vulnerability where an unsanitized ajax URL query parameter can lead to Cross-Site Scripting (XSS) attacks. This occurs due to the direct inclusion of untrusted data within the page's section, allowing attackers to execute arbitrary scripts within the user's session. Potential consequences include session hijacking, data theft, defacement, and malware distribution. To mitigate this vulnerability, it is recommended to upgrade to the fixed versions or implement Web Application Firewall (WAF) rules along with server-side sanitization methods.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References