eBay is once again facing questions over its practice of allowing active content on its website. The Register said security firm Check Point recently found a vulnerability that could allow hackers to push malicious Javascript code towards targeted eBay users.
Check Point told the tech news site it had reported the problem to eBay in December but was told a month later that eBay had no plans to fix the vulnerability. “eBay does have security controls to handle active content,” the Register wrote. “The marketplace reckons these controls are sufficient – an assessment disputed by the Check Point team.”
An eBay UK spokesperson provided EcommerceBytes with the following statement: “As a company, we’re committed to providing a safe and secure marketplace for our millions of customers around the world. We take reported security issues very seriously, and work quickly to evaluate them within the context of our entire security infrastructure.”
In 2014, the BBC had reported numerous times on the threat that active content poses on eBay UK. In responding to those reports in October 2014, eBay had said, “After a recent review of our processes and policies, we believe the benefits of allowing active content to our customers outweigh the extremely low likelihood of being exposed to them.”
You can read details of the latest report in Tuesday’s issue of The Register.