DDSN Interactive Acora CMS Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in DDSN Interactive Acora CMS version 10.7.1. This vulnerability exists in the user management feature, specifically within the submit_add_user.asp and submit_edit_user.asp endpoints. It allows administrators to inject malicious scripts into the First Name and Last Name fields, which are then stored in the application's database. When this data is displayed in the user interface, the injected scripts are executed, potentially leading to session hijacking, credential theft, or unauthorized actions on behalf of the affected user.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of other users' browsers, with potential consequences including session hijacking, credential theft, or unauthorized actions performed on behalf of the victim.
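The following is an added example, not code from the advisory or from the vendor: it audits stored First Name and Last Name values for markup and contrasts unencoded rendering with output encoding. The column names, sample rows and function names are constructed assumptions, and Python stands in for the CMS's server-side code, which the advisory does not show.

```python
import html
import re

# Constructed rows standing in for an export of the CMS user table.
# Column names are assumptions; the advisory names only the two fields.
SAMPLE_USERS = [
    {"id": 1, "first_name": "Alice", "last_name": "O'Brien"},
    {"id": 2, "first_name": "<script>alert(1)</script>", "last_name": "Smith"},
    {"id": 3, "first_name": "Bob", "last_name": '"><img src=x onerror=alert(1)>'},
    {"id": 4, "first_name": "Anne-Marie", "last_name": "D'Souza & Sons"},
]
NAME_FIELDS = ("first_name", "last_name")

# Characters with no place in a personal name that can open a tag or close
# a quoted attribute. Apostrophes and "&" occur in real names, so they are
# not flagged here; output encoding below neutralises them anyway.
SUSPICIOUS = re.compile(r'[<>"`]')


def audit_names(users):
    """Return (id, field, value) for stored name values containing markup."""
    return [
        (u["id"], f, u[f])
        for u in users
        for f in NAME_FIELDS
        if SUSPICIOUS.search(u.get(f) or "")
    ]


def render_unsafe(user):
    """The flawed pattern: stored values concatenated into HTML as-is."""
    return f"<td>{user['first_name']} {user['last_name']}</td>"


def render_safe(user):
    """Encode at output so stored values are always treated as text."""
    first = html.escape(user["first_name"], quote=True)
    last = html.escape(user["last_name"], quote=True)
    return f"<td>{first} {last}</td>"


if __name__ == "__main__":
    for uid, field, value in audit_names(SAMPLE_USERS):
        print(f"user {uid}: {field} contains markup: {value!r}")
    print(render_safe(SAMPLE_USERS[1]))
```

The audit finds values already stored before a fix is deployed; the output encoding is what prevents execution regardless of what the database holds.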

Added: Apr 1, 2026, 3:37 PM
Updated: Apr 1, 2026, 3:37 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 1.7
exploitability: 4.7
remediation: 0.0
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.