CVE-2023-48679

Description

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

Acronis / Acronis Cyber Protect 16unspecified – 37391

References

VENDOR_ADVISORYhttps://security-advisory.acronis.com/advisories/SEC-3469