WordPress Widgets for Expedia Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload
Software: Widgets for Expedia Reviews; Type: Plugin; Vulnerable versions: <= 11.0.2; Fixed in: 11.1; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-48275; Patch priority: Medium; CVSS severity: Medium 8; PSID: ebd1ac137457; Credits: Rafie Muhammad Patchstack...
Expedia Group Bug Bounty: https://www.wotif.com/vc/blog/info.php script is prone to reflected HTML/CSS injection and COOKIE leak
The info.php script on https://www.wotif.com was vulnerable to reflected HTML/CSS injection and COOKIE leak due to caching of HTTP headers. An attacker could inject malicious HTML/CSS code and steal victim cookies. The vulnerability was reported to the vendor...
Expedia Group Bug Bounty: Open Redirect in Logout & Login
An open redirect vulnerability was discovered in the logout and login functionality of Expedia's website. An attacker could exploit this vulnerability by manipulating the "rurl" parameter in the logout URL to redirect users to a malicious website, potentially leading to phishing or social...
Expedia Group Bug Bounty: Sensitive information for phpinfo.php at https://products.ean.com/
Vulnerability description not provided...
Expedia Group Bug Bounty: Cache Poisoning Allows Stored XSS Via hav Cookie Parameter (To Account Takeover)
A cache poisoning vulnerability allowed for stored cross-site scripting (XSS) attacks via the "hav" cookie parameter on abritel.fr, leading to account takeover. The server had a protection mechanism that hid double quotes, but not greater-than and less-than symbols, which allowed the attacker to...
Expedia Group Bug Bounty: Cache Deception Allows Account Takeover
A vulnerability allowed an attacker to extract a user's session token from a cacheable page, leading to account takeover. The session token was reflected in the response of a cacheable URL, and the server responded with a 200 OK. The caching server saw the response as cacheable due to the file...
Expedia Group Bug Bounty: Reflected XSS Via origCity Parameter (UPPER Case + WAF Protection Bypass)
Vulnerability description not provided...
CVE-2020-6858
creationtimestamp | type | source
---|---|---
2020-02-10 11:28:30+00:00 | published-proof-of-concept | https://github.com/ExpediaGroup/styx/security/advisories/GHSA-6v7p-v754-j89v...
expediafr.custhelp.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-932964. Security researcher AmalThamban found a security vulnerability affecting the expediafr.custhelp.com website and its users. Following coordinated and responsible vulnerability disclosure guidelines...
expedia.at XSS vulnerability
Open Bug Bounty ID: OBB-648548

Description | Value
---|---
Affected Website: | expedia.at
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Orbitz Warns 880,000 Payment Cards Suspected Stolen
Expedia-owned travel site Orbitz said Tuesday a possible breach of both its consumer and partner platforms may have led to the disclosure of 880,000 payment cards. According to Expedia, criminals had access to Orbitz consumer and business partner platforms, but not the Orbitz.com website. The...
Expedia Orbitz Travel, Flights, Hotel Booking Site Compromised
Chicago-based online travel booking company Orbitz, a subsidiary of Expedia.com, reveals that one of its old websites has been hacked, exposing nearly 880,000 payment card numbers of the people who made purchases online. Orbitz.com is a travel fare aggregator website and travel metasearch engine,...
Hackers steal banking & personal data of 800,000 Orbitz customers
By Waqas. Orbitz.com, a Chicago, Illinois based popular travel website owned by Expedia... This is a post from HackRead.com.
cruise.expedia.com XSS vulnerability
Open Bug Bounty ID: OBB-516658

Description | Value
---|---
Affected Website: | cruise.expedia.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
FS Expedia Clone SQL Injection Vulnerability
FS Expedia Clone is an online travel reservation management system based on PHP and MySQL. The system supports booking of airline tickets, hotel reservations and car rentals via the Internet or telephone agents. A SQL injection vulnerability exists in FS Expedia Clone version 1.0. A remote attack...
CVE-2017-17570
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter...
SQL injection
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter...
CVE-2017-17570
FS Expedia Clone 1.0 is affected by a SQL injection vulnerability in input parameters to pages.php (id), content.php (id) and show-flight-result.php (fl_orig, fl_dest). The issue stems from unsanitized user input in SQL queries, enabling remote attackers to inject commands. Public reports (Exploi...