61 matches found
New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users
ESET Research found the Telekopye scam network targeting Booking.com and Airbnb. Scammers use phishing pages via compromised accounts…...
WordPress Booking.com Banner Creator plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Booking.com Banner Creator versions = 1.4.6...
WordPress Booking.com Banner Creator Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS)
Software Booking.com Banner Creator Type Plugin Vulnerable versions = 1.4.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49265 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7251d29dfab6 Credits theviper17 Required privilege...
GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign,...
WordPress Widgets for Booking.com Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload
Software Widgets for Booking.com Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID f02ed9505cf6 Credits Rafie Muhammad...
Credit card thieves target Booking.com customers
Staff in the hospitality industry are trained to accommodate their guests, and when they have a few years of experience under their belt you can be sure they'll have received some extraordinary requests. Which is something that clever cybercriminals are taking advantage of. Researchers at...
e1-booking.com Cross Site Scripting vulnerability OBB-3440967
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kite-booking.com Cross Site Scripting vulnerability OBB-3220905
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Booking.com Product Helper Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Product Helper plugin in version 1.0....
WordPress Booking.com Banner Creator Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Banner Creator plugin in version 1.4....
CVE-2021-24645
The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24646
The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24646
The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24646 Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting
The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24646
CVE-2021-24646 affects the Booking.com Banner Creator WordPress plugin pre-1.4.3. The vulnerability arises from improper input sanitization when creating banners, enabling stored Cross-Site Scripting (XSS) by high-privilege admins (admin+ scope). Multiple sources corroborate an XSS vector in the ...
CVE-2021-24645 Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting
The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24645
CVE-2021-24645 concerns the Booking.com Product Helper WordPress plugin prior to 1.0.2. The vulnerability is a Stored Cross-Site Scripting (XSS) in the Product Shortcode creation flow, caused by failure to sanitize and escape the Product Code. An attacker with admin+ privileges could inject XSS i...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Product Helper plugin in version 1.0....