Primary

Context

Acronis Cyber Protect 16 Stored Cross-Site Scripting Vulnerability

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in Acronis Cyber Protect 16 for both Linux and Windows platforms, prior to build 39169. This vulnerability arises from inadequate origin validation in the postMessage function, allowing for the injection of malicious scripts that are stored and executed in the context of the user.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Remediation

Users can update to Acronis Cyber Protect 16 Update 3 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

6.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

6.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Acronis Cyber Protect 16 Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Acronis Cyber Protect 16

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating