Vulnerability stems from universal cross-site scripting, or UXSS, which triggers when a webpage is automatically translated using Microsoft Edge browser’s built-in feature via Microsoft translator. The translation feature had a piece of vulnerable code that failed to sanitize input, allowing an attacker to insert malicious JavaScript code anywhere on the webpage, which is executed when a victim tries to translate the page. The researchers were rewarded with a $20,000 bounty, and on June 24, a patch update was pushed out by Microsoft.”]
Source: https://www.cuinfosecurity.com/microsoft-edge-vulnerabilities-let-hackers-steal-data-a-16961