12 matches found
JetBlue: XSS via Vuln Rendertron Instance At `██████████.jetblue.com/render/*`
A vulnerability was discovered in a Rendertron instance at a subdomain of a website, allowing for a reflected XSS attack. An attacker could exploit this vulnerability to execute malicious code on a victim's browser and potentially steal sensitive information...
JetBlue: Open Redirect - https://████████.jetblue.com/███?url=
Vulnerability description not provided...
JetBlue: Open Redirect
Vulnerability description not provided...
JetBlue: Dom-Based XSS on parameter ?vsid=
Researcher found a DOM XSS vulnerability in one of the JetBlue applications using the vsid parameter. The researcher used the below payload to trigger XSS: ';alert1;//...
JetBlue: Sensitive information disclosure on grafana
Sensitive information was disclosed through publicly accessible Grafana metrics, SAP public info endpoints, and an AWS bucket listing...
Airline DMARC Policies Lag, Opening Flyers to Email Fraud
More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found. DMARC (Domain-based Message Authentication, Reporting & Conformance) is considered the industry standard for email authentication to prevent attackers from...
JetBlue Bomb Scare Set Off with Apple AirDrop
The feature in Apple mobile devices that allows people to send photos to nearby phones via Bluetooth is at the heart of a terrorism scare on a JetBlue flight over the weekend. According to the New York Daily News, a prankster sent a photo of a suicide vest to everyone who had an Apple device on t...
help.jetblue.com XSS vulnerability
Open Bug Bounty ID: OBB-485505

Description | Value
---|---
Affected Website: | help.jetblue.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | Coordinated Disclosure...

mobile.jetblue.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-277706

Description | Value
---|---
Affected Website: | mobile.jetblue.com
Vulnerable Application: | Custom Code
Vulnerability Type: | Open Redirect / CWE-601
CVSSv3 Score: | 3.4...

help.jetblue.com XSS vulnerability
Open Bug Bounty ID: OBB-262355

Description | Value
---|---
Affected Website: | help.jetblue.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

navtechpbs.jetblue.com XSS vulnerability
Open Bug Bounty ID: OBB-177304

Description | Value
---|---
Affected Website: | navtechpbs.jetblue.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

help.jetblue.com XSS vulnerability
Vulnerable URL: http://help.jetblue.com/SRVS/CGI-BIN/webisapi.dll/,/

Details:

Description | Value
---|---
Patched: | Yes, at 19.01.2016
Latest check for patch: | 19.01.2016 18:32 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
Google... |