WHID 2006-39: Another Google XSS
An XSS vulnerability in the feature allowing adding an arbitrary RSS to personal web pages. Since this page resides on the main www.google.com host, the executed JavaScript can access any Google resource.
Additional information:
- Google Fixes XSS Security Problem [Google Blogoscoped, Jul 6 2006]
- Cross Site Scripting Vulnerability in Google [ha.ckers, Jul 4 2006]
- Google fixes security flaw in Reader [News.com, Jul 5 2006]
Attack Method:
Incident Outcome:
