According to the source, clicking on some listings automatically redirected users to the harmful websites. eBay removed several posts and declared it was an isolated incident.
But the BBC has since found several listings, from multiple users, exploiting the same vulnerability. Furthermore, several readers contacted the BBC detailing complaints they had made to the website.
In each case, it appears cross-site scripting (XSS) has been used to hijack the users browsing, placed in the listings page using Javascript.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now