eBay security flaw has existed for months

Earlier this week it was revealed how clicking on some listings automatically redirected users to the harmful sites.EBay removed several posts, but said it was an isolated incident.But the BBC has since found multiple listings, from multiple users, exploiting the same vulnerability.Furthermore, several readers contacted the BBC detailing complaints they had made to the site.In a statement, eBay said it had a dedicated team working on security, but that criminals "intentionally adapt their code and tactics to try to stay ahead of the most sophisticated security systems".'Big problem'A transcript from February this year showed user Paul Castle explaining the issue, in detail, to eBay support staff."I was just browsing in Digital Cameras and came across a password-harvesting scam," wrote Mr Castle during the online chat with eBay support staff.Clicking on the listing link, Mr Castle explained, "transfers immediately to a password harvest scam page"."This is potentially a big security problem for eBay users," he said, adding: "There could be hundreds."EBay staff told Mr Castle that the problem had been escalated to "higher authorities".Other users got in touch with the BBC to outline how they too had found listings that, when clicked on, behaved in the same way.'Abusive ways'EBay's search function allows users to find only completed auctions that are no more than 15 days old.However, a brief search by the BBC uncovered 64 listings from the past 15 days that posed a danger to users.In each case, it appears cross-site scripting (XSS) has been used to hijack the user's browsing - placed in the listings page using javascript.In a statement on Friday, a spokeswoman for eBay said: "This is not a new type of vulnerability on sites such as eBay.(BBC)Bakudaily.Az