eBay has resolved a cross-site scripting bug on its website that independent experts warned posed a significant risk of fraud to users of the auction site. The XSS flaw meant that, once logged into a seller account on eBay, an attacker could insert an XSS exploit code into a listing of an item for sale. The XSS security flaw …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Thursday 22nd November 2012 16:46 GMT James Gosling

I knew it!

I was sure I hadn't ordered that Bangalore Boogie Nights DVD! Damn it!

3 0
Sunday 25th November 2012 07:52 GMT Anonymous Coward

A good reason we should ignore XSS then?

“...XSS vulnerabilities always have gotten more attention than they deserve ... you're attacking other visitors, not the site itself."

Typical of the way big business thinks of its customers.

0 0

This topic is closed for new posts.

Topics

Special Features

Vendor Voice

Resources

User topics

Article topics

User topics

Article topics

eBay: It's safe to buy busted lava lamps and bug-infested rugs again

COMMENTS

I knew it!

A good reason we should ignore XSS then?

Other stories you might like

Delinea Secret Server customers should apply latest patches

CISA in a flap as Chirp smart door locks can be trivially unlocked remotely

Exploit code for Palo Alto Networks zero-day now public

Rust rustles up fix for 10/10 critical command injection bug on Windows in std lib

Hotel check-in terminal bug spews out access codes for guest rooms

Ivanti commits to secure-by-design overhaul after vulnerability nightmare

JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat

These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb

Nvidia's newborn ChatRTX bot patched for security bugs

Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws

Microsoft confirms memory leak in March Windows Server security update

Mozilla fixes $100,000 Firefox zero-days following two-day hackathon

About Us

Our Websites

Your Privacy