Acronis Program Statistics

View program

43 total issues disclosed

$9,087 total paid publicly

Most disclosed (6 disclosures) — Cross-site Scripting (XSS) - Stored

Disclosed Reports

Report Title Vulnerability Type Disclosed By Severity Disclosed on
IDOR vulnerability (Price manipulation) Insecure Direct Object Reference (IDOR) spookhorror Medium 2021-11-30
Cross Site Scripting (Reflected) on https://www.acronis.cz/ Cross-site Scripting (XSS) - Reflected darkdream Low 2021-11-17
HTTP Request Smuggling on https://promosandbox.acronis.com HTTP Request Smuggling riramar Low 2021-11-16
HTTP Request Smuggling on https://consumer.acronis.com HTTP Request Smuggling riramar Low 2021-11-16
Stored XSS in profile page Cross-site Scripting (XSS) - Stored darkdream Medium 2021-11-14
Subdomain takeover of main domain of https://www.cyberlynx.lu/ Privilege Escalation doosec101 Medium 2021-10-12
bypass sql injection #1109311 SQL Injection lu3ky-13 Medium 2021-10-05
XSS Stored in Cacheable response Cross-site Scripting (XSS) - Stored dj4ng0d2 Medium 2021-09-05
IDOR on www.acronis.com API lead to steal private business user information Insecure Direct Object Reference (IDOR) f_m Medium 2021-08-31
Possible LDAP username and password disclosed on Github Information Disclosure vovohelo Medium 2021-08-17
[acronis.secure.force.com] - Insecure Salesforce default/custom object permissions leads to information disclosure Information Disclosure amsda Low 2021-08-17
SQL Injection in agent-manager SQL Injection bourbon High 2021-08-16
Acronis True Image 2021 (windows) does not validate server hostname on a login TLS connection Improper Certificate Validation aapo High 2021-08-10
Local privilege escalation via insecure MSI file Privilege Escalation twvyy3vyaw8k High 2021-08-07
Acronis True Image (Windows) does not validate server certificate on a TLS connection Improper Certificate Validation aapo High 2021-08-05
Blind Stored XSS in https://partners.acronis.com/admin which lead to sensitive information/PII leakage Cross-site Scripting (XSS) - Stored mansishah High 2021-07-29
Reflected XSS via "Error" parameter on https://admin.acronis.com/admin/su/ Cross-site Scripting (XSS) - Reflected samincube Medium 2021-07-19
Self XSS on Acronis Cyber Cloud Cross-site Scripting (XSS) - Generic sbakhour Low 2021-06-28
Stored XSS in backup scanning plan name Cross-site Scripting (XSS) - Stored sbakhour Medium 2021-06-28
XSS in (Support Requests) : User Cases Cross-site Scripting (XSS) - Stored soulx01 Medium 2021-06-24
anti_ransomware_service.exe REST API does not require authentication Missing Authentication for Critical Function mjoensen Medium 2021-06-24
No brute force protection on web-api-cloud.acronis.com Brute Force hensis Low 2021-06-24
Local File Disclosure /Delete On [us-az-vpn.acronis.com] Path Traversal 10nf Medium 2021-06-22
Reflected XSS on my.acronis.com Cross-site Scripting (XSS) - Generic f_m Low 2021-06-22
Reflected XSS on cz.acronis.com/dekujeme-za-odber-novinek-produktu-disk-director with ability to creating an admin user in WordPress Cross-site Scripting (XSS) - Reflected cabelo Medium 2021-06-22
SQL injection on admin.acronis.host development web service SQL Injection stealthy High 2021-06-22
Subdomain Takeover – www.jet.acronis.com pointing to unclaimed Webflow services Privilege Escalation sumgr0 Low 2021-06-18
Subdomain Takeover – jet.acronis.com pointing to unclaimed Webflow services Privilege Escalation sumgr0 Low 2021-06-18
XSS on https://partners.acronis.com/ Cross-site Scripting (XSS) - DOM yash_ Low 2021-06-17
Web cache poisoning at www.acronis.com Violation of Secure Design Principles 9529 Medium 2021-06-17
Account Takeover on unverified emails in File Sync & Share Violation of Secure Design Principles 0xcrypto Medium 2021-06-16
SQL injection in https://www.acronis.cz/ via the log parameter SQL Injection mmg Medium 2021-06-11
Stored XSS in Acronis Cyber Protect Console Cross-site Scripting (XSS) - Stored sbakhour Medium 2021-06-10
Flash Based Reflected XSS on www.grouplogic.com/jwplayer/player.swf Cross-site Scripting (XSS) - Reflected ali Low 2021-04-13
Reflected XSS on http://www.grouplogic.com/files/glidownload/verify.asp Cross-site Scripting (XSS) - Reflected ali Low 2021-04-13
Reflected XSS on www.grouplogic.com/video.asp Cross-site Scripting (XSS) - Reflected ali Low 2021-04-13
Ticket Trick at https://account.acronis.com Improper Access Control - Generic sayaanalam High 2020-11-10
Clickjacking on cas.acronis.com login page UI Redressing (Clickjacking) dgirlwhohacks Low 2020-11-03
DOM based XSS in store.acronis.com/<id>/purl-corporate-standard-IT [cfg parameter] None supplied f_m Low 2020-10-20
Arbitrary DLL injection in mmsminisrv (Acronis Managed Machine Service Mini) Privilege Escalation adr High 2020-10-20
Get ip and Geo location any user via Clickjacking with inspectlet technology Information Disclosure abosala7 None 2020-10-15
Missing rate limit for current password field (Password Change) Account Takeover Brute Force full109tun Medium 2020-10-06
Content Spoofing Phishing full109tun None 2020-08-12