PatchSiren

DDSN Interactive CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM DDSN Interactive CVE published 2026-04-01

CVE-2026-29598

CVE-2026-29598 is a multiple stored cross-site scripting (XSS) vulnerability in DDSN Interactive Acora CMS v10.7.1. The vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters in the submit_add_user.asp endpoint. This vulnerability has a CVSS score of 5.4 and is classified as MEDIUM severity. Users of DDSN Interac [truncated]

MEDIUM DDSN Interactive CVE published 2026-03-30

CVE-2026-29597

CVE-2026-29597 is an improper access control vulnerability in DDSN Interactive cm3 Acora CMS version 10.7.1. An editor-privileged user can access sensitive configuration files by force browsing the '/Admin/file_manager/file_details.asp' endpoint and manipulating the 'file' parameter. This can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databa [truncated]