anonhaven
Ad

CVE-2024-55541

MEDIUM CVSS 3.1: 6.1 EPSS 0.33%
Updated Mar 06, 2025
Linux
Parameter Value
CVSS 6.1 (MEDIUM)
Affected Versions before 15
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Linux
Public PoC No

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 6

Configuration From (including) Up to (excluding)
Acronis Cyber_Protect
cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*
 <= 15
Acronis Cyber_Protect
cpe:2.3:a:acronis:cyber_protect:16:-:*:*:*:*:*:*
Acronis Cyber_Protect
cpe:2.3:a:acronis:cyber_protect:16:update1:*:*:*:*:*:*
Acronis Cyber_Protect
cpe:2.3:a:acronis:cyber_protect:16:update2:*:*:*:*:*:*
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Windows
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References 1

https://security-advisory.acronis.com/advisories/SEC-3647
security@acronis.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31685

Linux

None

CVE-2026-31684

Linux

None

CVE-2026-31683

Linux

None

CVE-2026-31682

Linux

None

CVE-2026-31681

Linux

None