News and Notes from the Makers of Nexus | Sonatype Blog

Expert finds XSS flaw on eBay after bypassing filtering mechanisms

Written by Ali Loney | September 28, 2012

Softpedia – (International) Expert finds XSS flaw on eBay after bypassing "filtering mechanisms." eBay listed a security researcher in its hall of fame after the expert identified an unusual non-persistent cross-site scripting (XSS) vulnerability.

"There was a WAF/IPS in place that filtered out the HTML and JavaScript being embedded into the page. I managed to bypass the filtering mechanism of eBay and ran my HTML code and JavaScript," the expert explained. To demonstrate his findings, he published a proof-of-concept (PoC) video in which he details how he bypassed the filter. The researcher claims he also identified high-risk vulnerabilities on websites owned by Adobe and Apple. The PoCs for these particular security holes will be released as soon as the companies address the problems.