Lucene search
+L

61 matches found

HackRead
HackRead
added 2024/10/15 3:50 p.m.15 views

New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users

ESET Research found the Telekopye scam network targeting Booking.com and Airbnb. Scammers use phishing pages via compromised accounts…...

7.3AI score
Exploits0
Patchstack
Patchstack
added 2024/10/14 12:54 p.m.5 views

WordPress Booking.com Banner Creator plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Booking.com Banner Creator versions = 1.4.6...

6.5CVSS6.1AI score0.00241EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/10/14 12:0 a.m.10 views

WordPress Booking.com Banner Creator Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS)

Software Booking.com Banner Creator Type Plugin Vulnerable versions = 1.4.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49265 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7251d29dfab6 Credits theviper17 Required privilege...

6.5CVSS6.6AI score0.00241EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2024/10/11 5:13 p.m.23 views

GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks

A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign,...

7AI score
Exploits0
Patchstack
Patchstack
added 2023/11/28 12:0 a.m.5 views

WordPress Widgets for Booking.com Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload

Software Widgets for Booking.com Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID f02ed9505cf6 Credits Rafie Muhammad...

8CVSS7.2AI score0.00535EPSS
Exploits0References2Affected Software1
Malwarebytes
Malwarebytes
added 2023/09/26 1:0 a.m.14 views

Credit card thieves target Booking.com customers

Staff in the hospitality industry are trained to accommodate their guests, and when they have a few years of experience under their belt you can be sure they'll have received some extraordinary requests. Which is something that clever cybercriminals are taking advantage of. Researchers at...

6.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/06/18 6:11 a.m.8 views

e1-booking.com Cross Site Scripting vulnerability OBB-3440967

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/03/13 8:26 p.m.9 views

kite-booking.com Cross Site Scripting vulnerability OBB-3220905

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
CNVD
CNVD
added 2021/11/10 12:0 a.m.16 views

WordPress Booking.com Product Helper Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Product Helper plugin in version 1.0....

4.8CVSS4.8AI score0.00598EPSS
Exploits2References1
CNVD
CNVD
added 2021/11/10 12:0 a.m.23 views

WordPress Booking.com Banner Creator Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Banner Creator plugin in version 1.4....

4.8CVSS4.9AI score0.00598EPSS
Exploits2References1
NVD
NVD
added 2021/11/08 6:15 p.m.16 views

CVE-2021-24645

The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00598EPSS
Exploits2References1
NVD
NVD
added 2021/11/08 6:15 p.m.42 views

CVE-2021-24646

The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00598EPSS
Exploits2References1
OSV
OSV
added 2021/11/08 6:15 p.m.12 views

CVE-2021-24646

The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00598EPSS
Exploits2References1
Prion
Prion
added 2021/11/08 6:15 p.m.11 views

Cross site scripting

The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.8AI score0.00598EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2021/11/08 6:15 p.m.18 views

Cross site scripting

The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.8AI score0.00598EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/11/08 5:34 p.m.37 views

CVE-2021-24646 Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting

The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.00598EPSS
Exploits2References1
CVE
CVE
added 2021/11/08 5:34 p.m.59 views

CVE-2021-24646

CVE-2021-24646 affects the Booking.com Banner Creator WordPress plugin pre-1.4.3. The vulnerability arises from improper input sanitization when creating banners, enabling stored Cross-Site Scripting (XSS) by high-privilege admins (admin+ scope). Multiple sources corroborate an XSS vector in the ...

4.8CVSS4.7AI score0.00598EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/11/08 5:34 p.m.18 views

CVE-2021-24645 Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting

The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.2AI score0.00598EPSS
Exploits2References1
CVE
CVE
added 2021/11/08 5:34 p.m.72 views

CVE-2021-24645

CVE-2021-24645 concerns the Booking.com Product Helper WordPress plugin prior to 1.0.2. The vulnerability is a Stored Cross-Site Scripting (XSS) in the Product Shortcode creation flow, caused by failure to sanitize and escape the Product Code. An attacker with admin+ privileges could inject XSS i...

4.8CVSS4.8AI score0.00598EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.4 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Product Helper plugin in version 1.0....

4.8CVSS5.2AI score0.00598EPSS
Exploits2References2
Rows per page
Query Builder