61 matches found
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Banner Creator plugin in version 1.4....
WordPress Booking.com Banner Creator plugin <= 1.4.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Booking.com Banner Creator plugin versions = 1.4.2. Solution Update the WordPress Booking.com Banner Creator plugin to the latest available version at least 1.4.3...
Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Open the plugin's add new banner page B.com Banner - Add New Banner The form field named...
Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC When creating a "New product shortcode" you can inject XSS payloads like i...
Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Open the plugin's add new banner page B.com Banner - Add New Banner The form field named "Banner...
WordPress Booking.com Product Helper plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Booking.com Product Helper plugin versions = 1.0.1. Solution Update the WordPress Booking.com Product Helper plugin to the latest available version at least 1.0.2...
A week in security (March 29 – April 4)
Last week on Malwarebytes Labs, our podcast featured Malwarebytes senior security researcher JP Taggart, who talked to us about why you need to trust your VPN. You’ve likely heard the benefits of using a VPN: You can watch TV shows restricted to certain countries, you can encrypt your web traffic...
e1-booking.com Cross Site Scripting vulnerability OBB-1491127
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Hotel reservation platform leaked user data from top online booking sites
By Waqas The list of online booking sites affected by the breach includes some of the top industry giants including Booking.com. This is a post from HackRead.com Read the original post: Hotel reservation platform leaked user data from top online booking sites...
rsv.fly-booking.com Cross Site Scripting vulnerability OBB-1312339
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
booking.ferries-booking.com Cross Site Scripting vulnerability OBB-1282081
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
MDX managed apps cannot open links properly so that apps which are not managed launch automatically
Problem description: MDX app policies are configured but the app that is not managed does not launch automatically as expected. Example use case: iOS has the Booking.com app installed from the Public App Store. The device also has Secure Web and Secure Mail installed. The Secure apps are managed ...
iran-booking.com Cross Site Scripting vulnerability
Security Researcher g0bl1nsec Helped patch 3661 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting iran-booking.com website and its users. Following...
World Cup, Vacation Scams Lead in Phishing Trips this Summer
Summer is one of the traditional seasons of scamming, and this summer is shaping up to be a hot one on that front, with active campaigns swirling around supposed “security incidents,” vacation bookings and, of course, the World Cup. Scammers, for instance, recently targeted Booking.com customers...
developers.booking.com XSS vulnerability
Open Bug Bounty ID: OBB-544266 Description| Value ---|--- Affected Website:| developers.booking.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated...
booking.com XSS vulnerability
Open Bug Bounty ID: OBB-541605 Description| Value ---|--- Affected Website:| booking.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure based o...
Booking.com Hotels & Vacation Rentals - Hardcoded secrets, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Booking.com Hotels & Vacation Rentals published at the 'play' market has multiple vulnerabilities...
booking.com XSS vulnerability
On the 01.12.2017 security researcher reported a XSS vulnerability affecting the booking.com website via the Open Bug Bounty coordinated vulnerability disclosure program. Coordinated Disclosure Timeline: Description| Value ---|--- Vulnerability submitted via Open Bug Bounty| 1 December, 2017 16:0...
secure.booking.com XSS vulnerability
Vulnerable URL: https://secure.booking.com/mysettings.html?aru="--!" Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check secure.booking.com SSL connection:| Grad...
Hotels.com Phishing Scam Duping Travelers
An undisclosed number of travelers who use Hotels.com may have been victims of a phishing scheme. The company said some customers were recently tricked into disclosing their names, phone numbers, email addresses and travel bookings. An individual was reportedly able to convince customers that the...