This in itself would no be such news, were it not for the fact that this XSS flaw could be used to gather sensitive information.
"With border set to 0 in the tag, [the iFrame] could retrieve a deceitful seller central user login page that logs authentication credentials in cleartext and sends them to the fraudster's e-mail inbox," says one of XSSed's editors.
Here's hoping that Amazon reacts quickly.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.