CVE-2026-29598

Name of the Vulnerable Software and Affected Versions DDSN Interactive Acora CMS version 10.7.1

Description The application contains stored cross-site scripting (XSS) flaws in the submit add user.asp endpoint. Attackers can inject a crafted payload into the First Name and Last Name parameters to execute arbitrary web scripts or HTML.

Recommendations Update to a newer version that contains a fix for this vulnerability.