Wednesday, April 29, 2015

You know eBay (who doesn't?). Do you know that eBay still has a potentially dangerous cross-site scripting (XSS) vulnerability, even though it was discovered a year ago?



eBay is not a mom-and-pop shop, so how come they are not bothered?



From the Article:


Kääp emailed eBay four times over the course of 12 months – initially a year ago, then again three, five, and seven months after he discovered the bug. After repeated prodding, officials at eBay told Kääp they couldn’t reveal any information about its fix schedule. Each time he emailed, Kääp claims, it was because the vulnerability had not been remedied. While eBay asked him not to disclose his bug, it has neglected to give him a timeline regarding a fix.

The bug could allow an attacker to carry out an XSS attack over eBay’s internal messaging system by catching and tweaking a request.



Check the link below for more details.
