Two days before the end of 2020
I will brief you the XSS problem in google cloud monitoring section.
Steps to reproduce
logged into google monitor as shown
I created a new group by clicking on groups
I wrote XSS payloads in the places shown in the picture
I created the group (;
I renewed the browser page I am using
Sep 25, 2020: Sent the report to Google VRP
Sep 25, 2020: Got a message from google that the bug was triaged
Sep 25, 2020: Bug Accepted
Sep 25, 2020:
🎉 Nice catch! I’ve filed a bug based on your report.
The panel will evaluate it at the next VRP panel meeting and we’ll update you once we’ve got more information. All you need to do now is wait. If you don’t hear back from us in 2-3 weeks or have additional information about the vulnerability, let us know!
E…, Google Security Team
Sep 29, 2020: $ bounty awarded
Oct 13, 2020: Fixed by Google
Dip Not: There has been a brief confusion after being reported-
Google security team Martin solved the problem by intervening-
Thank you once again.
Thanks Google Web Security Team!