The security expert from French security outfit Sysdream, Issam Rabhi, discovered a cross-site scripting vulnerability in Google France. The vulnerability is the third most common issue affecting web applications. The experts reported the vulnerability to Google on August 5th and the experts of the company fixed the vulnerability in just four days. XSS allows attackers to execute scripts in the victims browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites. The expert did not submit the bug under the Google bug bounty program, anyway he received kudos from his colleagues.”]
Source: https://securityaffairs.co/wordpress/51266/hacking/cross-site-scripting-google-fr.html