Home / Vulnerability Intelligence / CVE-2026-29598

CVE-2026-29598 - Vulnerability Analysis

MediumCVSS: 5.4

Last Updated: April 1, 2026

DDSN Interactive Acora CMS - Stored XSS

Published: April 1, 2026Updated: April 1, 2026PoC AvailableRemote Exploitable

Overview

DDSN Interactive Acora CMS v10.7.1 contains stored XSS vulnerabilities caused by improper sanitization of First Name and Last Name parameters in submit_add_user.asp, letting attackers execute arbitrary scripts via crafted payloads.

Severity & Score

Severity: Medium

CVSS Score: 5.4

Impact

Attackers can execute arbitrary scripts in users' browsers, potentially stealing cookies or performing actions on behalf of users.

Mitigation

Update to the latest version of DDSN Interactive Acora CMS.

References

http://acora.com
http://ddsn.com
https://github.com/padayali-JD/CVE-2026-29598

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-29598
Severity: Medium
CVSS Score: 5.4
Type: stored_xss
Status: new

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N