CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35556
https://notcve.org/view.php?id=CVE-2020-35556
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur. Se detectó un problema en Acronis Cyber ??Protect versiones anteriores a 15 Update 1 build 26172. Debido a que el servicio de notificación local configura inapropiadamente CORS, puede ocurrir una divulgación de información • https://dl.managed-protection.com/u/cyberprotect/rn/15/user/en-US/AcronisCyberProtect15_relnotes.htm https://www.acronis.com •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35664
https://notcve.org/view.php?id=CVE-2020-35664
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console. Se detectó un problema en Acronis Cyber ??Protect versiones anteriores a 15 Update 1 build 26172. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en la consola • https://dl.managed-protection.com/u/cyberprotect/rn/15/user/en-US/AcronisCyberProtect15_relnotes.htm https://www.acronis.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •