Lucene search
K

61 matches found

CNNVD
CNNVD
added 2021/11/08 12:0 a.m.10 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Banner Creator plugin in version 1.4....

4.8CVSS5.7AI score0.00598EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/10/05 12:0 a.m.19 views

WordPress Booking.com Banner Creator plugin <= 1.4.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Booking.com Banner Creator plugin versions = 1.4.2. Solution Update the WordPress Booking.com Banner Creator plugin to the latest available version at least 1.4.3...

4.8CVSS1.8AI score0.00598EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/05 12:0 a.m.18 views

Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Open the plugin's add new banner page B.com Banner - Add New Banner The form field named...

4.8CVSS1.7AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/05 12:0 a.m.16 views

Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC When creating a "New product shortcode" you can inject XSS payloads like i...

4.8CVSS1AI score0.00598EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.515 views

Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Open the plugin's add new banner page B.com Banner - Add New Banner The form field named "Banner...

4.8CVSS0.6AI score0.00598EPSS
Exploits2
Patchstack
Patchstack
added 2021/10/05 12:0 a.m.21 views

WordPress Booking.com Product Helper plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Booking.com Product Helper plugin versions = 1.0.1. Solution Update the WordPress Booking.com Product Helper plugin to the latest available version at least 1.0.2...

4.8CVSS1.1AI score0.00598EPSS
Exploits2References3Affected Software1
Malwarebytes
Malwarebytes
added 2021/04/05 4:8 p.m.52 views

A week in security (March 29 – April 4)

Last week on Malwarebytes Labs, our podcast featured Malwarebytes senior security researcher JP Taggart, who talked to us about why you need to trust your VPN. You’ve likely heard the benefits of using a VPN: You can watch TV shows restricted to certain countries, you can encrypt your web traffic...

7.5AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/11/07 2:6 p.m.9 views

e1-booking.com Cross Site Scripting vulnerability OBB-1491127

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
HackRead
HackRead
added 2020/11/06 8:34 p.m.27 views

Hotel reservation platform leaked user data from top online booking sites

By Waqas The list of online booking sites affected by the breach includes some of the top industry giants including Booking.com. This is a post from HackRead.com Read the original post: Hotel reservation platform leaked user data from top online booking sites...

1.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/09/07 2:12 p.m.4 views

rsv.fly-booking.com Cross Site Scripting vulnerability OBB-1312339

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/08/28 9:58 a.m.7 views

booking.ferries-booking.com Cross Site Scripting vulnerability OBB-1282081

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Citrix
Citrix
added 2020/06/11 12:0 a.m.6 views

MDX managed apps cannot open links properly so that apps which are not managed launch automatically

Problem description: MDX app policies are configured but the app that is not managed does not launch automatically as expected. Example use case: iOS has the Booking.com app installed from the Public App Store. The device also has Secure Web and Secure Mail installed. The Secure apps are managed ...

6.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/03/30 9:55 a.m.6 views

iran-booking.com Cross Site Scripting vulnerability

Security Researcher g0bl1nsec Helped patch 3661 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting iran-booking.com website and its users. Following...

Exploits0
ThreatPost
ThreatPost
added 2018/06/06 12:18 p.m.7 views

World Cup, Vacation Scams Lead in Phishing Trips this Summer

Summer is one of the traditional seasons of scamming, and this summer is shaping up to be a hot one on that front, with active campaigns swirling around supposed “security incidents,” vacation bookings and, of course, the World Cup. Scammers, for instance, recently targeted Booking.com customers...

0.2AI score
Exploits0References7
Openbugbounty
Openbugbounty
added 2018/01/25 12:34 p.m.17 views

developers.booking.com XSS vulnerability

Open Bug Bounty ID: OBB-544266 Description| Value ---|--- Affected Website:| developers.booking.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated...

6.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/01/24 2:14 p.m.13 views

booking.com XSS vulnerability

Open Bug Bounty ID: OBB-541605 Description| Value ---|--- Affected Website:| booking.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure based o...

6.4AI score
Exploits0
hackapp
hackapp
added 2017/12/13 11:17 a.m.509 views

Booking.com Hotels & Vacation Rentals - Hardcoded secrets, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Booking.com Hotels & Vacation Rentals published at the 'play' market has multiple vulnerabilities...

0.9AI score
Exploits0References1Affected Software1
Openbugbounty
Openbugbounty
added 2017/12/01 4:9 p.m.20 views

booking.com XSS vulnerability

On the 01.12.2017 security researcher reported a XSS vulnerability affecting the booking.com website via the Open Bug Bounty coordinated vulnerability disclosure program. Coordinated Disclosure Timeline: Description| Value ---|--- Vulnerability submitted via Open Bug Bounty| 1 December, 2017 16:0...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/05/12 11:35 a.m.10 views

secure.booking.com XSS vulnerability

Vulnerable URL: https://secure.booking.com/mysettings.html?aru="--!" Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check secure.booking.com SSL connection:| Grad...

6.3AI score
Exploits0
ThreatPost
ThreatPost
added 2015/06/24 4:25 p.m.11 views

Hotels.com Phishing Scam Duping Travelers

An undisclosed number of travelers who use Hotels.com may have been victims of a phishing scheme. The company said some customers were recently tricked into disclosing their names, phone numbers, email addresses and travel bookings. An individual was reportedly able to convince customers that the...

7AI score
Exploits0References6
Rows per page
Query Builder