QIWI: HTTP Request Smuggling on api.flocktory.com Leads to XSS on Customer Sites

HTTP Request Smuggling is a technique to desync the sequence in which HTTP requests and responses are processed. This particular vulnerability abuses the CLTE variant of HTTP Request Smuggling as described in PortSwigger's blog. The domain api.flocktory.com was found to be vulnerable to this atta...