80 matches found
CVE-2026-29598
Multiple stored cross-site scripting XSS vulnerabilities in the submitadduser.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...
EUVD-2026-17885
Multiple stored cross-site scripting XSS vulnerabilities in the submitadduser.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...
CVE-2026-29598
Multiple stored cross-site scripting XSS vulnerabilities in the submitadduser.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...
CVE-2026-29598
Multiple stored cross-site scripting XSS vulnerabilities in the submitadduser.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...
PT-2026-29530
Multiple stored cross-site scripting XSS vulnerabilities in the submit add user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...
DDSN Interactive Acora CMS 安全漏洞
DDSN Interactive Acora CMS is an enterprise network and mobile CMS provided by DDSN Interactive. Version 10.7.1 of DDSN Interactive Acora CMS contains a security vulnerability. This vulnerability stems from multiple stored-xss vulnerabilities present in the submitadduser.asp endpoint. It could...
CVE-2026-29598
Multiple stored cross-site scripting XSS vulnerabilities in the submitadduser.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...
CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...
EUVD-2026-17094
Incorrect access control in the filedetails.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allows attackers with editor privileges to access sensitive files via crafted requests...
CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...
CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...
CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...
PT-2026-29038
CVE-2026-29597 Incorrect access control in the file details.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allows attackers with editor privileges to access sensitive files via … https://t.co/pzg5FME6z1...
CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...
DDSN Interactive Acora CMS 安全漏洞
DDSN Interactive Acora CMS is an enterprise network and mobile CMS provided by DDSN Interactive. There is a security vulnerability in DDSN Interactive Acora CMS v10.7.1, which stems from improper access control at the filedetails.asp endpoint. This vulnerability could allow attackers with editor...
CVE-2026-29597
CVE-2026-29597 affects DDSN Interactive Acora CMS v10.7.1. An editor-privileged user can force-browse and manipulate the file parameter of /Admin/file_manager/file_details.asp to access sensitive configuration files (e.g., cm3.xml), leaking credentials (system administrator, SMTP, database) and o...
CVE-2025-63314
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...
CVE-2025-63314
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...
CVE-2025-63314
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...
DDSN Interactive Acora CMS 安全漏洞
DDSN Interactive Acora CMS is an enterprise web and mobile CMS from DDSN Interactive. A security vulnerability exists in DDSN Interactive Acora CMS version v10.7.1, which stems from the use of static tokens for the password reset feature, which could lead to account takeover via replay attacks...