XSS vulnerability in Google Translate
After disclosing vulnerability in TCS website, A security researcher from India who goes by the Name "Christy Philip Mathew", has submitted a critical XSS vulnerability affecting a sub domain of Google i.e translate.google.com.
According to Researchers report this bug can be exploited by malicious users to conduct phishing attacks , session Hijacking against Google users and also to infect them with malware, adware and spyware by just uploading scripted TXT file on Internet.
Proof of Concept
Steps to Reproduce:
Proof of Concept 1:
Proof of Concept 2:
When a user upload a xss script in a text file on Google Translate the XSS Script gets executed on translating.