Security: XSS by typing JavaScript in the address bar
Reported by
wraggste...@gmail.com,
May 14 2017
Issue description

Hi Google team,

there is a reflected XSS vulnerability in https://mail.google.com

Steps to replicate:
1. Go to https://mail.google.com
2. Then type JavaScript payloads in front of the address
3. Like this: javascript:alert(document.cookie)//https://mail.google.com
4. Hit enter, then the XSS payload will trigger.

Please let me know if you need some more information.

Best regards
,
May 15 2017
Why is that marked as won't fix without any explanation?
,
May 15 2017
The explanation is given at the link in C#1, but in case you are unable to follow it, the short answer is that this isn't an XSS because there's nothing cross-site about it. It's just you typing.
,
May 15 2017
But this still counts as "self XSS", right?
,
May 15 2017
I guess it's the vulnerability of Chrome only because I can't reproduce the bug with many websites (e.g. Twitter) in Firefox.
,
Jun 28 2017
Issue 737651 has been merged into this issue.
,
Aug 21 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, May 14 2017
Summary: Security: XSS by typing JavaScript in the address bar (was: Security: XSS in mail.google.com)