French security researcher Issam Rabhi has identified a cross-site scripting (XSS) vulnerability in Google’s Search interface. The issue is what experts call a reflected XSS (also known as self-XSS, first-order XSS, type 1 XSS or non-persistent XSS) XSS exploits allow attackers to collect cookies and XSRF tokens for more intrusive attacks. Google fixed the XSS on August 9, four days after it was disclosed. Microsoft refused to patch an XSS bug they’ve discovered in the Microsoft Dynamics CRM, in the first place.”]
Source: https://news.softpedia.com/news/even-google-search-has-xss-flaws-508304.shtml