A Romanian "security enthusiast" said he discovered new cross-site scripting (XSS) vulnerabilities on PayPal and eBay that could be used by fraudsters to create very credible phishing attacks, according to Softpedia. A Forbes blog post explains in more detail how the alleged PayPal flaw works. PayPal did not respond to AuctionBytes inquiry about the reports by press time.*

Phishing is a serious problem for eBay - fraudsters use phishing scams to trick account holders and then hijack their accounts, as described in this AuctionBytes Newsflash article from March.

read the rest at link...