
[unfixed] Persistent XSS Vulnerability in eBay

Indian security researcher Shubham Upadhyay, who uses the online handle Cyb3R_Shubh4M, has discovered a persistent cross-site scripting (XSS) vulnerability in the eBay site.

In an email sent to, the researcher explained the details of the vulnerability. To exploit the vulnerability, an attacker would need a seller account. Once logged in to a seller account on eBay, the attacker would create a listing for sale in which he puts the XSS exploit code.

At the time of writing, the vulnerability is unfixed. Here is the page where he injected his code:

The mirror is available here:

According to the researcher, it also gets executed in the domain when logged in the seller acco


Web Application Vulnerability

XSS Vulnerability