CVE-2026-29598 is a multiple stored cross-site scripting (XSS) vulnerability in DDSN Interactive Acora CMS v10.7.1. The vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters in the submit_add_user.asp endpoint. This vulnerability has a CVSS score of 5.4 and is classified as MEDIUM severity. Users of DDSN Interac [truncated]
CVE-2026-29597 is an improper access control vulnerability in DDSN Interactive cm3 Acora CMS version 10.7.1. An editor-privileged user can access sensitive configuration files by force browsing the '/Admin/file_manager/file_details.asp' endpoint and manipulating the 'file' parameter. This can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databa [truncated]