216.73.217.50

CVE-2024-55541

· Published 02/01/2025 16:15 · Modified 06/03/2025 16:46

Labels: CVE-2024-55541 2025-01-02CVE-2024-55541CWE-79[email protected]

Essential information

Published
02/01/2025 16:15
Modified
06/03/2025 16:46
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
acronis / cyber protect cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*
acronis / cyber protect cpe:2.3:a:acronis:cyber_protect:16:-:*:*:*:*:*:*
acronis / cyber protect cpe:2.3:a:acronis:cyber_protect:16:update1:*:*:*:*:*:*
acronis / cyber protect cpe:2.3:a:acronis:cyber_protect:16:update2:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoft / windows cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References