Blog | G5 Cyber Security

eBay XSS password-stealing security hole existed for months

Hackers exploited an XSS (cross-site scripting) flaw in eBay to take unsuspecting users to a phishing page instead of an auction page flogging an iPhone. The same flaw could have been abused to redirect web browsers to dangerous webpages, including content that might have been designed to infect users computers with malware. A new report from the BBC claims that the vulnerability has been in existence since at least February of this year. eBay says it has rigorous guidelines regarding the use of HTML and JavaScript on its auction listings.”]

Source: https://grahamcluley.com/ebay-password-stealing-security-hole-existed-months/

Exit mobile version