Independent security researcher David Sopas has identified a reflected cross-site scripting (XSS) vulnerability on eBay’s careers website (ebaycareers.com).The expert has revealed that the security hole affected the search section of the website, more precisely the field from “Search Openings.”
eBay has addressed the vulnerability and, according to Sopas, a few webpages have been removed in the process.
Sopas has been added to the company’s Responsible Disclosure Acknowledgement Page.
In January, the researcher identified DOM-based XSS vulnerabilities on the websites of three world-renowned security solutions providers: Panda Security, AVG Technologies and Kaspersky Lab.
A recent study released by FireHost shows that the number of XSS attacks has increased by 160% in the fourth quarter of 2012. The company’s servers blocked 2.4 million attacks between October and December alone.