CVE-2021-44203

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 15 (Windows, Linux) versions prior to build 28035

Description: A stored cross-site scripting (XSS) issue was possible in protection plan details. This type of issue allows an attacker to inject malicious scripts into content from otherwise trusted websites, which can lead to unauthorized actions on behalf of the user.

Recommendations: For Acronis Cyber Protect 15 (Windows, Linux) versions prior to build 28035, update to a version that is build 28035 or later to resolve the issue. As a temporary workaround, consider restricting access to the protection plan details feature until a patch is available.