According to Check Point Software's blog post, the firm notified eBay of the flaw back in December, but the company said it didn't have plans to fix the vulnerability. eBay told Ars Technica, however, that it's been in touch with Check Point Software and that it has "implemented various security filters" based on its findings. The marketplace also added that it hasn't detected any fraudulent activity that takes advantage of the bug yet:
Since we allow active content on our site it's important to understand that malicious content on our marketplace is extraordinarily uncommon, which we estimate to be less than two listings per million that use active content on the eBay marketplace.
Still, in case you come across an auction page that asks you to install or download anything, don't forget this flaw and make sure to click Cancel.