CVE-2026-29598
- EPSS 0.03%
- Published 01.04.2026 00:00:00
- Last modified 03.04.2026 16:11:11
Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last...
CVE-2026-29597
- EPSS 0.03%
- Published 30.03.2026 00:00:00
- Last modified 03.04.2026 16:16:36
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/file_manager/file_details.asp” endpoint and manipulating...
- EPSS 0.06%
- Published 12.01.2026 17:15:52
- Last modified 22.01.2026 22:02:45
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack.
CVE-2025-25967
- EPSS 0.41%
- Published 03.03.2025 19:15:35
- Last modified 06.03.2025 12:21:35
Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in ...