An independent security researcher, using the nickname MLT, reported last month a simple flaw affecting the eBay website exposed its customers to phishing attacks. The flaw affected the URL parameter, the attacker was able to exploit a Cross-Site Scripting (XSS) vulnerability to inject a malicious iFrame on the legitimate eBay website. The code used by the researchers redirect visitors of eBay website to a phishing page hosted on a third-party server by using an eBays URL. This trick makes it impossible to detect the attack and the attack appeared as legitimate.”]
Source: http://securityaffairs.co/wordpress/43521/hacking/ebay-website-to-phishing-attacks.html