Moreover, on January 16th eBay representatives said that they do not plan to fix this vulnerability.
The problem is that cybercriminals can now cheat eBay filters, which are responsible for detection of malicious code. So, they can create supposedly legitimate pages stores on eBay, plant malicious code into them using JSF ** k, and when a visitor opens such a page, it leads to very unpleasant consequences.
In fact, hackers are limited only by their imagination. After visiting a malware-laden page, a person can become a victim of phishing attack or identity theft. For example, on infected eBay page, he or she is likely to be prompted to download eBay mobile application for a special price. Everything looks legitimate and safe, but if the victim confirms the download, malware is loaded to the device.
Since eBay representatives officially stated that they don’t consider the possibility of such an attack a vulnerability, Check Point experts can only hope that the company will change its mind.