Israeli application security firm, AppSec Labs, found a Cross site scripting (XSS) vulnerability in AliExpress, the company’s English language e-commerce site. AliExpress is an online marketplace owned by Chinese E-Commerce giant Alibaba.com, also known as Google of China. The vulnerability has now been patched by the company and it is urging its customers to update their accounts immediately. Exploiting the vulnerability allowed him to change product prices, delete goods, and even close the merchant’s shop on the site.
Source: https://thehackernews.com/2014/12/alibaba-aliexpress-vulnerability.html