CVE-2024-55541

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect 16 versions prior to build 39169

Description The issue is related to a stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. This vulnerability can be exploited by a remote attacker to conduct an XSS attack.

Recommendations For Acronis Cyber Protect 16 versions prior to build 39169, update to a version that includes build 39169 or later to resolve the issue. As a temporary workaround, consider restricting access to the postMessage function until a patch is available.