7 matches found
Expedia Group Bug Bounty: https://www.wotif.com/vc/blog/info.php script is prone to reflected HTML/CSS injection and COOKIE leak
The info.php script on https://www.wotif.com was vulnerable to reflected HTML/CSS injection and cookie leak due to caching of HTTP headers. An attacker could inject malicious HTML/CSS code and steal victim cookies. The vulnerability was reported to the vendor...
Expedia Group Bug Bounty: Open Redirect in Logout & Login
An open redirect vulnerability was discovered in the logout and login functionality of Expedia's website. An attacker could exploit this vulnerability by manipulating the "rurl" parameter in the logout URL to redirect users to a malicious website, potentially leading to phishing or social...
Expedia Group Bug Bounty: Sensitive information for phpinfo.php at https://products.ean.com/
Vulnerability description not provided...
Expedia Group Bug Bounty: Cache Poisoning Allows Stored XSS Via hav Cookie Parameter (To Account Takeover)
A cache poisoning vulnerability allowed stored cross-site scripting (XSS) attacks via the "hav" cookie parameter on abritel.fr, leading to account takeover. The server had a protection mechanism that hid double quotes, but not greater-than and less-than symbols, which allowed the attacker to...
Expedia Group Bug Bounty: Cache Deception Allows Account Takeover
A vulnerability allowed an attacker to extract a user's session token from a cacheable page, leading to account takeover. The session token was reflected in the response of a cacheable URL, and the server responded with a 200 OK. The caching server saw the response as cacheable due to the file...
Expedia Group Bug Bounty: Reflected XSS Via origCity Parameter (UPPER Case + WAF Protection Bypass)
Vulnerability description not provided...
CVE-2020-6858
creationtimestamp | type | source
---|---|---
2020-02-10 11:28:30+00:00 | published-proof-of-concept | https://github.com/ExpediaGroup/styx/security/advisories/GHSA-6v7p-v754-j89v...