eBay bug allows hackers to embed malicious code: report

04 Feb 2016

Security firm Check Point Software has identified an eBay vulnerability that allows attackers to use the website to phish unsuspecting users or to infect their devices. Attackers using a programming technique known as JSFuck could bypass a key restriction that keeps people from embedding JavaScript code into auction pages.

The embedded JavaScript runs when the page is opened in either a mobile or a desktop browser. Some users had received an eBay link and were then prompted to install malware masquerading as a "discount app" upon viewing the item's details.
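JSFuck writes arbitrary JavaScript using only the six characters `[ ] ( ) ! +`, so a filter that looks for recognizable keywords or identifiers sees nothing to block. The following is an added example, not code from the article, Check Point or eBay: a review heuristic that flags long runs of those characters in listing HTML. The function names and the 40-character threshold are assumptions, and the sample listings are constructed.

```javascript
// Added example: flag JSFuck-style runs in user-supplied listing HTML.
// Names and the default threshold are hypothetical, chosen for illustration.

// One run = JSFuck characters, optionally split by whitespace.
const JSFUCK_RUN = /[\[\]()!+]+(?:\s+[\[\]()!+]+)*/g;

// Return each run of at least minLen JSFuck characters (whitespace ignored),
// with its offset so a reviewer can locate it in the listing.
function findJsfuckRuns(html, minLen = 40) {
  const hits = [];
  for (const m of html.matchAll(JSFUCK_RUN)) {
    const compact = m[0].replace(/\s+/g, "");
    // Require brackets, "!" and "+" together so plain "((((" or "++++" is ignored.
    const mixed = /\[/.test(compact) && /!/.test(compact) && /\+/.test(compact);
    if (compact.length >= minLen && mixed) {
      hits.push({ offset: m.index, length: compact.length });
    }
  }
  return hits;
}

// Decision wrapper a moderation pipeline could call per listing.
function reviewListing(html, minLen = 40) {
  const runs = findJsfuckRuns(html, minLen);
  return { suspicious: runs.length > 0, runs };
}

// Constructed samples. "(![]+[])[+[]]" evaluates to the harmless string "f".
const benign = '<p>Great phone (used)! Ships in 2+ days [tracked].</p>';
const encoded = '<script>' + '(![]+[])[+[]]+'.repeat(8) + '[]</script>';

console.log(reviewListing(benign));   // not flagged
console.log(reviewListing(encoded));  // flagged, one run
```

A hit is a reason to hold the listing for review, not proof of malice; the check complements sanitizing or sandboxing active content rather than replacing it.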

Check Point Software said in a blog post that eBay had been notified about the flaw back in December but had said it did not have plans to fix the vulnerability. eBay told Ars Technica, however, that it had been in touch with Check Point Software and that it had "implemented various security filters" on the basis of its findings. eBay further added that it had not yet detected any fraudulent activity that took advantage of the bug.

"Since we allow active content on our site it's important to understand that malicious content on our marketplace is extraordinarily uncommon, which we estimate to be less than two listings per million that use active content on the eBay marketplace."