Acronis: Blind Stored XSS in https://partners.acronis.com/admin which lead to sensitive information/PII leakage

Blind XSS was possible on partners.acronis.com Tier 3 via several contact form fields. We have seen no signs of the exploitation of this vulnerability...

Acronis: XSS on https://partners.acronis.com/

Hello, I found DOM XSS on login page of https://partners.acronis.com/ Open this URL https://partners.acronis.com/en-us/profile/login.html?-back=test123" and search for var back =. Here input is HTML encoded but from that reflected value, element is created and appended to the form. F983552 We can...