Priceline: Account takeover via Google OneTap

Summary: It's possible to take over any priceline.com user's account knowing their email. The only requirement is that the victim's email domain is not registered with Google's Gsuite. The root cause of this issue is that the backend does not verify whether the email provided is a confirmed one...

Priceline Hotels, Flight & Car - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Priceline Hotels, Flight & Car published at the 'play' market has multiple vulnerabilities...

priceline.com XSS vulnerability

Vulnerable URL: http://www.priceline.com/travel/airlines/lang/en-us/BaggageFeeHelp.asp?plf=PCLN=USUS+AirwayNwww.usair.com%22%3E%3Csvg/onload%3dalert%28/xssposed/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 25.01.2017 Latest check for patch:| 25.01.2017 17:06 GMT Vulnerability type...

priceline.com XSS vulnerability

Vulnerable URL: http://www.priceline.com/home/?refid=123="...

priceline.com XSS vulnerability

Vulnerable URL: http://www.priceline.com/home/?refid="...