Security Researcher's "Matías Lonigro & Fabián Cuchietti" has discovered Self-XSS vulnerability Google Translator page. The vulnerability has been found in the 'translating a Document' option.
Google Translate provides an easy way to translate whole documents, without the need for copying and pasting large blocks of text. Simply click the translate a document link and submit your file as a PDF, TXT, DOC, PPT, XLS or RTF.
The uploader allows HTML files also. Unfortunately, it does not filter the HTML tags. It results in executing the HTML code as well as javascript code. Uploading HTML file embedded with javascript executes the script.
Researcher also provide a POC video:
Even Though this is self-XSS vulnerability, we can not simply ignore it. Hope , google will fix this issue as soon as possible.
Google Translate provides an easy way to translate whole documents, without the need for copying and pasting large blocks of text. Simply click the translate a document link and submit your file as a PDF, TXT, DOC, PPT, XLS or RTF.
The uploader allows HTML files also. Unfortunately, it does not filter the HTML tags. It results in executing the HTML code as well as javascript code. Uploading HTML file embedded with javascript executes the script.
Researcher also provide a POC video:
Even Though this is self-XSS vulnerability, we can not simply ignore it. Hope , google will fix this issue as soon as possible.