Acronis: Potential XSS in redirect_url Parameter

The summary is as follows: A vulnerability was identified on https://learn.acronis.com/ in the redirecturl parameter, where arbitrary JavaScript code could be injected. By manipulating the redirectUrl parameter, an attacker could execute JavaScript code on the victim's browser...

Acronis: Rate limit bypass on passport.acronis.work using X-Forwarded-For request header

The vulnerability allowed an attacker to bypass the rate limit and the restriction on attempting to log in to employee accounts using the X-Forwarded-For request header on the passport.acronis.work website...

Acronis: [oem.acronis.com] Reflected Cross Site Scripting

The researcher discovered a reflected cross-site scripting XSS vulnerability on the oem.acronis.com website. The vulnerability was found on the /test/testenv.html page, where user-supplied input was not properly sanitized, allowing the execution of arbitrary JavaScript code...

Acronis: HTTP Request Smuggling on https://promosandbox.acronis.com

Summary The website https://promosandbox.acronis.com is vulnerable to HTTP Request Smuggling which can be abused by an attacker to redirect all the users to a malicious website. A redirect can be forced by changing the Host request header using the path /sf but the website will redirect you to...