74 matches found
EUVD-2026-17885
Multiple stored cross-site scripting XSS vulnerabilities in the submitadduser.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...
DDSN Interactive Acora CMS 安全漏洞
DDSN Interactive Acora CMS is an enterprise network and mobile CMS provided by DDSN Interactive. Version 10.7.1 of DDSN Interactive Acora CMS contains a security vulnerability. This vulnerability stems from multiple stored-xss vulnerabilities present in the submitadduser.asp endpoint. It could...
PT-2026-29530
Multiple stored cross-site scripting XSS vulnerabilities in the submit add user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...
CVE-2026-29598
Multiple stored cross-site scripting XSS vulnerabilities in the submitadduser.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...
CVE-2026-29598
Multiple stored cross-site scripting XSS vulnerabilities in the submitadduser.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...
CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...
EUVD-2026-17094
Incorrect access control in the filedetails.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allows attackers with editor privileges to access sensitive files via crafted requests...
CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...
PT-2026-29038
CVE-2026-29597 Incorrect access control in the file details.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allows attackers with editor privileges to access sensitive files via … https://t.co/pzg5FME6z1...
CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...
CVE-2026-29597
CVE-2026-29597 affects DDSN Interactive Acora CMS v10.7.1. An editor-privileged user can force-browse and manipulate the file parameter of /Admin/file_manager/file_details.asp to access sensitive configuration files (e.g., cm3.xml), leaking credentials (system administrator, SMTP, database) and o...
CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...
CVE-2025-63314
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...
CVE-2025-63314
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...
CVE-2025-63314
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...
EUVD-2026-1916
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...
CVE-2025-63314
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...
CVE-2025-63314
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...
CVE-2025-63314
CVE-2025-63314 affects DDSN Interactive Acora CMS v10.7.1. The password reset function uses a static reset token, enabling an attacker to replay the token and arbitrarily reset user passwords, resulting in a full account takeover. The impact is described as high confidentiality and integrity impa...
EUVD-2013-4576
Malware in sbrugna...