Stored Cross-Site Scripting Vulnerability in Acronis Cyber Protect 16
CVE-2024-55541

6.1MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 16
Vendor: CVE Published:; 2 January 2025

Summary

A stored cross-site scripting (XSS) vulnerability exists in Acronis Cyber Protect 16 due to insufficient origin validation in the postMessage function. This flaw allows attackers to inject malicious scripts that could be executed in the context of the affected application. Users operating versions prior to build 39169 are particularly at risk. Mitigation efforts are recommended to address this vulnerability and safeguard sensitive user data. For further information, consult the vendor's advisory.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 39169

References

https://security-advisory.acronis.com/advisories/SEC-3647

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 6, 2024