CVE-2025-66492
BaseFortify
Publication date: 2025-12-12
Last updated on: 2025-12-22
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| masacms | masacms | Up to 7.2.9 (exc) |
| masacms | masacms | From 7.3.1 (inc) to 7.3.14 (exc) |
| masacms | masacms | From 7.4.0 (inc) to 7.4.9 (exc) |
| masacms | masacms | From 7.5.0 (inc) to 7.5.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Scripting (XSS) issue in Masa CMS versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8, and 7.5.0 through 7.5.1. It occurs because an unsanitized value of the ajax URL query parameter is directly included within the <head> section of the HTML page. This allows an attacker to inject and execute arbitrary scripts in the context of the user's session.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows attackers to execute arbitrary scripts in the context of a user's session, potentially leading to session hijacking and data theft. Such unauthorized access and data compromise could result in violations of data protection regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information. Therefore, if exploited, this vulnerability could negatively impact compliance with these standards by exposing protected data and failing to ensure adequate security controls. [1]
How can this vulnerability impact me?
The vulnerability can lead to several serious impacts including Session Hijacking, Data Theft, Defacement, and Malware Distribution by allowing attackers to execute arbitrary scripts within the user's session context.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the Masa CMS application for the presence of the ajax URL query parameter containing common XSS payload characters. You can use network traffic inspection tools or web server logs to identify suspicious requests; for example, use command-line tools like grep on web server logs to search for suspicious ajax parameter values, or use tools like curl or wget to test the ajax parameter with typical XSS payloads. Specific commands are not provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include configuring a Web Application Firewall (WAF) rule, such as with ModSecurity, to block requests containing common XSS payload characters in the ajax query parameter. Alternatively, implement server-side sanitization using middleware to strip or escape dangerous characters from the ajax parameter before it reaches the vulnerable rendering logic. Additionally, upgrading Masa CMS to fixed versions 7.5.2, 7.4.9, 7.3.14, or 7.2.9 will resolve the issue.
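The detection and sanitization answers above describe an approach without giving code; the following is an added example (not part of this record, nor Masa CMS code) that extracts the `ajax` query parameter from combined-format access log lines, flags values containing HTML-breakout characters, and shows the escaping a server-side middleware would apply before the value reaches the page head. The log lines, the `/index.cfm` path and the character heuristic are constructed assumptions.

```python
import re
import html
from urllib.parse import urlsplit, parse_qs, unquote

# Heuristic (constructed, not a Masa CMS rule): characters or tokens that a
# legitimate ajax flag never needs but an HTML-context breakout does.
SUSPICIOUS = re.compile(r'[<>"\']|javascript:|on\w+\s*=', re.IGNORECASE)

# Request field of an Apache/nginx combined log line: "METHOD TARGET HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines: benign flag, encoded breakout, double-encoded
# breakout, and a request without the parameter at all.
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Dec/2025:10:00:01 +0000] "GET /index.cfm?ajax=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Dec/2025:10:00:05 +0000] "GET /index.cfm?ajax=%22%3E%3Cscript%3E HTTP/1.1" 200 640 "-" "curl/8.0"',
    '198.51.100.7 - - [12/Dec/2025:10:00:09 +0000] "GET /index.cfm?ajax=%253Cscript%253E HTTP/1.1" 200 640 "-" "curl/8.0"',
    '192.0.2.5 - - [12/Dec/2025:10:01:00 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def ajax_values(log_line):
    """Return the decoded values of the ajax query parameter found in one log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    values = parse_qs(query, keep_blank_values=True).get("ajax", [])
    # parse_qs already percent-decodes once; a second unquote catches
    # double-encoded values that a single-pass grep on the raw log would miss.
    return [unquote(v) for v in values]

def flag_suspicious(lines):
    """Return (line_number, decoded_value) pairs whose ajax value looks like markup."""
    hits = []
    for n, line in enumerate(lines, 1):
        for v in ajax_values(line):
            if SUSPICIOUS.search(v):
                hits.append((n, v))
    return hits

def head_safe(value):
    """Escape a query value so it is inert when emitted into HTML (text or quoted attribute)."""
    return html.escape(value, quote=True)

if __name__ == "__main__":
    for n, v in flag_suspicious(SAMPLE_LOG):
        print(f"line {n}: suspicious ajax value {v!r} -> escaped {head_safe(v)!r}")
```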