First published: Thu Jan 02 2025(Updated: )
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.
Credit: security@acronis.com
Affected Software | Affected Version | How to fix |
---|---|---|
Acronis Cyber Protect 16 | <build 39169 | |
All of | ||
Any of | ||
Acronis Cyber Protect | <=15 | |
Acronis Cyber Protect | =16 | |
Acronis Cyber Protect | =16-update1 | |
Acronis Cyber Protect | =16-update2 | |
Any of | ||
Linux Kernel | ||
Microsoft Windows Operating System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-55541 is classified as a high severity vulnerability due to its potential for enabling stored cross-site scripting (XSS) attacks.
To fix CVE-2024-55541, upgrade Acronis Cyber Protect 16 to build 39169 or later.
CVE-2024-55541 affects Acronis Cyber Protect 16 on both Linux and Windows platforms before build 39169.
CVE-2024-55541 is a stored cross-site scripting (XSS) vulnerability caused by missing origin validation in postMessage.
Yes, CVE-2024-55541 can potentially lead to data breaches by allowing attackers to execute malicious scripts in the context of a victim's session.