PT-2024-13620 · Acronis · Acronis Cyber Protect 16
Published 2024-02-27 · Updated 2024-02-28 · CVE-2023-48679
CVSS v3.1: 5.4 Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Acronis Cyber Protect 16 versions before build 37391
Description
A stored cross-site scripting (XSS) issue exists due to missing origin validation in `postMessage`. This allows for potential exploitation. The estimated number of affected devices is not specified.
Recommendations
For Acronis Cyber Protect 16 versions before build 37391, update to a version after build 37391 to resolve the issue. As a temporary workaround, consider restricting the use of the `postMessage` function until a patch is available.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Acronis Cyber Protect 16