Report Email Alerts Open Bug Bounty: 138,091 coordinated disclosures
Total Vulnerabilities Fixed: 46,068
140,290 vulnerable websites, 14,995 VIP websites
3,372 security researchers, 4,391 notification subscribers

Open Bug Bounty ID:

OBB-49260

booking.com Security Vulnerability

On the 16.09.2014 security researcher xsscrapy disclosed XSS vulnerability affecting booking.com website.

On the 16.09.2014 security researcher xsscrapy discovered and reported XSS vulnerability affecting booking.com

On our side, we have notified website owner via all reasonable communication channels about the vulnerability, so it can be patched as quickly as possible.

Currently the vulnerability is patched and does not represent any security risk for the website or its visitors.

Vulnerability Details


booking.com Description

Booking.com: 536,544 hotels worldwide. 37+ million hotel reviews. Big savings on hotels in 65,000 destinations worldwide. Browse hotel reviews and find the guaranteed best price on hotels for all budgets.

Vulnerable URL:

http://www.booking.com/hotel/us/baymont-inn-suites-reno.en-us.html?aid =304142&dcid=4&fs=1&sid=ba3b5227e32b137be1c0517c114c48e7&tab=x</script ><sVg/onlOad=prompt(/xssposed/)>

Other details:

Patched:Yes, at 18.09.2014
Latest check for patch:18.09.2014 11:20 GMT
Vulnerability type:XSS
Vulnerability status:Publicly disclosed
Alexa Rank95
Google Pagerank7
VIP website status:Yes
Check booking.com for malware:Click here
Check booking.com SSL connection:Click here (Grade: A+) Refresh Results

Mirror: Click here to view the mirror

Coordinated Disclosure Timeline

Vulnerability reported16 September, 2014 at 11:27 GMT
Vulnerability existence verified and confirmed 16 September, 2014 at 19:51 GMT

Comments:

Please login via twitter to be the first one to comment.


Latest Vulnerabilities on *.booking.com

OBB-ID Reported by Status Reported on
unpatched
12.05.2017
unpatched
16.03.2017
patched
18.01.2017
unpatched
13.01.2017
unpatched
10.01.2017
patched
29.06.2015
patched
16.09.2014

Latest Vulnerabilities Reported by xsscrapy

OBB-ID Vulnerability Status Reported
patched
16.09.2014
unpatched
16.09.2014
unpatched
16.09.2014
patched
16.09.2014
patched
11.09.2014
patched
11.09.2014
patched
11.09.2014
patched
11.09.2014
patched
11.09.2014
patched
11.09.2014
patched
11.09.2014
patched
11.09.2014
patched
11.09.2014
unpatched
11.09.2014
patched
11.09.2014
unpatched
11.09.2014
patched
11.09.2014
patched
11.09.2014
unpatched
09.09.2014
unpatched
09.09.2014


LATEST VIP SUBMISSIONS

immigrationboards.com
Reported by Implosion Badges received: 3
Recommendations received: 19
Total reports: 1481
Total reports on VIP sites: 58
Total patched vulnerabilities: 237
on 25.07.2017
allbeauty.com
Reported by Random_Robbie Twitter: @Random_Robbie
Badges received: 7
Recommendations received: 27
Total reports: 6678
Total reports on VIP sites: 914
Total patched vulnerabilities: 604
on 25.07.2017
uspto.gov
Reported by keritzy Twitter: @keritzy
Badges received: 2
Total reports: 1556
Total reports on VIP sites: 138
Total patched vulnerabilities: 74
on 25.07.2017
bournemouthecho.co.uk
Reported by Random_Robbie Twitter: @Random_Robbie
Badges received: 7
Recommendations received: 27
Total reports: 6678
Total reports on VIP sites: 914
Total patched vulnerabilities: 604
on 25.07.2017
plymouthherald.co.uk
Reported by Random_Robbie Twitter: @Random_Robbie
Badges received: 7
Recommendations received: 27
Total reports: 6678
Total reports on VIP sites: 914
Total patched vulnerabilities: 604
on 25.07.2017
ub.edu
Reported by Random_Robbie Twitter: @Random_Robbie
Badges received: 7
Recommendations received: 27
Total reports: 6678
Total reports on VIP sites: 914
Total patched vulnerabilities: 604
on 25.07.2017
ykt.ru
Reported by OmniGooch Badges received: 5
Recommendations received: 3
Total reports: 4091
Total reports on VIP sites: 345
Total patched vulnerabilities: 656
on 25.07.2017
nu.edu.bd
Reported by OmniGooch Badges received: 5
Recommendations received: 3
Total reports: 4091
Total reports on VIP sites: 345
Total patched vulnerabilities: 656
on 25.07.2017
camsoda.com
Reported by Clova Badges received: 0
Total reports: 1
Total reports on VIP sites: 1
Total patched vulnerabilities: 0
on 25.07.2017
vdict.com
Reported by OmniGooch Badges received: 5
Recommendations received: 3
Total reports: 4091
Total reports on VIP sites: 345
Total patched vulnerabilities: 656
on 25.07.2017



LATEST SUBMISSIONS

urlcheck.info
Reported by Implosion Badges received: 3
Recommendations received: 19
Total reports: 1481
Total reports on VIP sites: 58
Total patched vulnerabilities: 237
on 25.07.2017
twinklemagazine.nl
Reported by Implosion Badges received: 3
Recommendations received: 19
Total reports: 1481
Total reports on VIP sites: 58
Total patched vulnerabilities: 237
on 25.07.2017
steel-paint.ru
Reported by sifflaern Badges received: 1
Total reports: 121
Total reports on VIP sites: 12
Total patched vulnerabilities: 0
on 25.07.2017
mmmonvhf.de
Reported by Implosion Badges received: 3
Recommendations received: 19
Total reports: 1481
Total reports on VIP sites: 58
Total patched vulnerabilities: 237
on 25.07.2017
restaurant-online.biz
Reported by sifflaern Badges received: 1
Total reports: 121
Total reports on VIP sites: 12
Total patched vulnerabilities: 0
on 25.07.2017
ricerca24.ilsole24ore.com
Reported by Implosion Badges received: 3
Recommendations received: 19
Total reports: 1481
Total reports on VIP sites: 58
Total patched vulnerabilities: 237
on 25.07.2017
100instrumentos.com.br
Reported by Implosion Badges received: 3
Recommendations received: 19
Total reports: 1481
Total reports on VIP sites: 58
Total patched vulnerabilities: 237
on 25.07.2017
search.c3tv.com
Reported by Implosion Badges received: 3
Recommendations received: 19
Total reports: 1481
Total reports on VIP sites: 58
Total patched vulnerabilities: 237
on 25.07.2017
mc-deler.com
Reported by Implosion Badges received: 3
Recommendations received: 19
Total reports: 1481
Total reports on VIP sites: 58
Total patched vulnerabilities: 237
on 25.07.2017
recipes.sparkpeople.com
Reported by Implosion Badges received: 3
Recommendations received: 19
Total reports: 1481
Total reports on VIP sites: 58
Total patched vulnerabilities: 237
on 25.07.2017