eBay closes critical security holes | Sonatype blog

Written by Ali Loney | November 25, 2012

The H – (International) eBay closes critical security holes. The online auction house eBay has fixed two vulnerabilities in its U.S. website. One of the vulnerabilities was a critical SQL injection hole in the site's selling area, which gave potential attackers unauthorized read and write access to one of the company's databases. A security researcher discovered the hole and confidentially reported the security issue to eBay. The researcher said the company responded quickly and closed the hole after 20 days. The other hole was a cross-site scripting (XSS) vulnerability that enabled attackers to inject JavaScript code into the eBay server for execution via a specific URL. The vulnerability could have been exploited to steal other eBay users' access credentials. The company told The Register on November 22 that the hole had been fixed.