We didn’t expect eBay.com to have an XSS (cross-site scripting) problem, when it is ‘so big’ and there had been so many phishing cases in the past. Phishing isn’t a new issue for eBay and PayPal. The hole should be plugged by now.


Tom Spring, PC World

A PC World reader alerted me to a flaw on eBay’s Web site that enabled a scam designed to trick people into handing over their personal information. eBay promptly patched the flaw last week, but experts I spoke with are wondering how long the fix will hold.

The flaw allowed a scammer to use an increasingly common type of attack called cross-site scripting, or XSS, to redirect people from an eBay listing to a spoofed eBay site. Though eBay may have plugged the hole for now, experts say, similar problems have surfaced in the past on eBay and other sites, and it’s a safe bet they will again. The problem is not going away, and it will continue to cause visitors to eBay and other sites trouble for the foreseeable future.