An Indian security researcher, Shubham Upadhyay aka Cyb3R_Shubh4M, reported a new permanent XSS affecting the product listings on 

AegisLab also tested it again immediately; so far, this vulnerability is still unfixed!!

Here is the page with XSS injection code: 



For this flaw, you need an eBay seller account: log in to your account on eBay and create a listing for sale. Then put XSS code into the HTML.





XSS vulnerabilities are nothing new, but they are still very dangerous. What are the threats of XSS? Account hijacking, shopping, payment, changing of user settings, cookie theft/poisoning, and false advertising are all possible.


by AegisLab