Medium severity5.4NVD Advisory· Published Apr 1, 2026· Updated Apr 27, 2026
CVE-2026-29598
CVE-2026-29598
Description
Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 10.7.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.