Directly linking to a site with a known XSS exploit perhaps wasn't such a great idea.
Edit: Looks like they've pulled the plug.