CVE-2024-49265

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Partnerships at Booking.Com Booking.Com Banner Creator allows Stored XSS.This issue affects Booking.Com Banner Creator: from n/a through 1.4.6...

CVE-2024-49265 WordPress Booking.com Banner Creator plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Partnerships at Booking.Com Booking.Com Banner Creator allows Stored XSS.This issue affects Booking.Com Banner Creator: from n/a through 1.4.6...

WordPress Booking.com Banner Creator Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS)

Software Booking.com Banner Creator Type Plugin Vulnerable versions = 1.4.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49265 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7251d29dfab6 Credits theviper17 Required privilege...

WordPress Booking.com Banner Creator Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Banner Creator plugin in version 1.4....

CVE-2021-24646

The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24646 Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting

The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24646

CVE-2021-24646 affects the Booking.com Banner Creator WordPress plugin pre-1.4.3. The vulnerability arises from improper input sanitization when creating banners, enabling stored Cross-Site Scripting (XSS) by high-privilege admins (admin+ scope). Multiple sources corroborate an XSS vector in the ...

Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Open the plugin's add new banner page B.com Banner - Add New Banner The form field named "Banner...

Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Open the plugin's add new banner page B.com Banner - Add New Banner The form field named...

WordPress Booking.com Banner Creator plugin <= 1.4.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Booking.com Banner Creator plugin versions = 1.4.2. Solution Update the WordPress Booking.com Banner Creator plugin to the latest available version at least 1.4.3...