eBay has no plans to fix a "severe" vulnerability that allows attackers to use the company's trusted website to distribute malicious code and phishing pages, researchers from security firm Check Point Software said.
The vulnerability allows attackers to bypass a key restriction that prevents user posts from hosting JavaScript code that gets executed on end-user devices. eBay has long enforced the limitation to prevent scammers from creating auction pages that execute dangerous code or content when they're viewed by unsuspecting users. Using a highly specialized coding technique, hackers can work around this safeguard.
A reflected cross-site scripting vulnerability on eBay’s website could have been exploited by malicious actors for phishing attacks, a researcher has demonstrated. The flaw was identified in December by a researcher who uses the online moniker “MLT.”
The expert complained that eBay had not responded to his report for a month, and the e-commerce giant only patched the issue after being contacted by the media. XSS vulnerabilities are highly common, but that doesn’t make them any less dangerous. A blog post and proof-of-concept video show how an attacker could have exploited the weakness to launch phishing attacks.
Criminals are exploiting a vulnerability in about 87,000 e-commerce websites that puts information including customers' stored credit-card data at risk. The online shopping websites were susceptible to a chain of weaknesses on the platform Magento.
Cybercriminals who exploit the security holes could take complete control of the website with pretty much a single request. For all the credit cards that are stored in the system, the attackers are going to have access to that. Through the security flaw, criminals can access databases with customers' personal information, or inject nasty code into the website so it infects users with malware.
PayPal, the popular eBay-owned digital payment and money transfer service, has been found to be vulnerable to a critical web application vulnerability that could allow an attacker to take control of users' PayPal accounts with just a click, affecting more than 156 million PayPal users.
An Egyptian security researcher has discovered three critical vulnerabilities in the PayPal website, which could be used by cybercriminals in targeted attacks. PayPal uses security Auth tokens to detect legitimate requests from the account holder, but the expert successfully bypassed this protection to generate exploit code for targeted attacks.
Online auction site eBay has advised its clients to change their passwords after a cyber-attack allowed hackers to gain access to one of its databases. Information stolen included personal details of “a large number of accounts.”
The California-based company has been asking its users “to change their passwords because of a cyber-attack that compromised a database containing encrypted passwords and other non-financial data,” according to a statement released on the company website. “For the time being, we cannot comment on the specific number of accounts impacted. However, we believe there may be a large number of accounts involved and we are asking all eBay users to change their passwords,” spokeswoman Kari Ramirez told.