Avnet security researcher Nir Goldshlager has uncovered several vulnerabilities in eBay's Web site.

"Among the vulnerabilities are cross-site scripting bugs in the eBay Live Help support page and eBay To Go, which the company fixed by validating user input," writes eWeek's Brian Prince. "In addition, Goldshlager uncovered a blind SQL injection problem in the eBay donations Web site."

"All of the vulnerabilities have been patched except [a] CSRF (cross-site request forgery) flaw," Prince writes. "According to Chad Greene, eBay's senior manager of global information security, the company has pushed code to the core site to measure the impact of potential fixes for the CSRF problem on the user and will make a decision about how to address the situation in the next three weeks."

Click here to read the eWeek article.