Netcraft, one of the leading authorities on phishing research, reports a phishing scam that involves XSS.
The scam exploits an XSS vulnerability in iRedirector, software used to map sub-domains into paths on the site, in order to hijack domains and use them as phishing targets. Since iRedirector allows virtually any sub-domain to be defined, the attacker can create an endless number of domain name combinations built to fool users and web filters alike.
