Skip to main content

Security Researchers

  • Responsible Disclosure
  • Eligible eBay Domains
  • Eligible Vulnerabilities
  • Exclusions
  • Report Form
  • Acknowledgements

    • Eligible Vulnerabilities

    We encourage the coordinated disclosure of the following eligible web application vulnerabilities:

    • Authentication/Authorization
    • Cross-site scripting (XSS)
    • Cryptography
    • Cross-site request forgery (CSRF) in a privileged context
    • HTTP response splitting
    • Injection vulnerabilities
    • Information leakage
    • URL redirector abuse

    • Others, Including:

      • Server-side code execution/remote code execution
      • XML attacks
      • Directory traversal
      • Significant security misconfiguration