CVE-2023-44207

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect 15 versions before build 35979

Description The issue is related to a stored cross-site scripting (XSS) vulnerability in the protection plan name, which can be exploited by a remote attacker to perform cross-site scripting attacks. This vulnerability is associated with the failure to take measures to protect the structure of web pages.

Recommendations For Acronis Cyber Protect 15 versions before build 35979, update to a version after build 35979 to resolve the issue. As a temporary workaround, consider restricting access to the protection plan name feature until a patch is available.