Independent security researcher David Sopas has identified a reflected cross-site scripting (XSS) vulnerability on eBay’s careers website (ebaycareers.com).
The expert has
revealed that the security hole affected the search section of the website, more precisely the field from “Search Openings.”
eBay has addressed the vulnerability and, according to Sopas, a few webpages have been removed in the process.
Sopas has been added to the company’s
Responsible Disclosure Acknowledgement Page.
In January, the researcher
identified DOM-based XSS vulnerabilities on the websites of three world-renowned security solutions providers: Panda Security, AVG Technologies and Kaspersky Lab.
A recent study released by FireHost
shows that the number of XSS attacks has increased by 160% in the fourth quarter of 2012. The company’s servers blocked 2.4 million attacks between October and December alone.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
