CVE-2021-44203: 
Acronis Cyber Protect vulnerability analysis and mitigation

Stored cross-site scripting (XSS) vulnerability was discovered in protection plan details affecting Acronis Cyber Protect 15 (Windows, Linux) before build 28035. The vulnerability was disclosed on November 29, 2021 and assigned identifier CVE-2021-44203. (NVD)

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation - Cross-site Scripting). It received a CVSS v3.1 base score of 5.4 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required privileges, user interaction, and potential for confidentiality and integrity impacts (NVD).

The vulnerability allows attackers to inject malicious scripts into protection plan details that are stored and later executed in victims' browsers. This could lead to theft of sensitive information, session hijacking, or other client-side attacks when users view the affected protection plan details (NVD).

Users should upgrade to Acronis Cyber Protect 15 build 28035 or later to address this vulnerability. The vendor has released a patch that fixes the stored XSS issue in protection plan details (Vendor Advisory).