Google Code Playground XSS vulnerability


Two security researchers have identified an XSS in Google Code. Proof Of Concept: Just go to and then click on edit HTML after that remove all the codes and type this script : "<img src="<img src=search"/onerror=alert("XSS")//">" and click on DEBUG CODE, and then first it will show you "Sample must have <head> element" click OK and wait for the window to load if nothing happen then try the same thing again or simply you can click on RUN CODE, and you will get a popup which is XSS. Thanks to our friends @THN.


December 8, 2011
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023