The popular online auction site eBay recently patched two potentially critical vulnerabilities, a cross-site scripting bug and a SQL injection vulnerability. The SQL injection flaw was discovered by David Vieira-Kurz, a web security engineer, earlier this month. The XSS flaw could have allowed a hacker access to a seller s account and the ability to insert a XSS exploit into the code on a product’s page. eBay fixed the vulnerability in about 20 days, a security engineer said.
Source: https://threatpost.com/ebay-patches-critical-xss-sql-holes-112612/77244/