Part (1) WRITE UP – [Google VRP ] GOOGLE BUG BOUNTY: AngularJS XSS Console Cloud Google Monitoring


Two days before the end of 2020

I will brief you the XSS problem in google cloud monitoring section.

Steps to reproduce

logged into google monitor as shown

I created a new group by clicking on groups

I wrote XSS payloads in the places shown in the picture

I created the group (;

I renewed the browser page I am using

The End!

Report Timeline

Sep 25, 2020: Sent the report to Google VRP

Sep 25, 2020: Got a message from google that the bug was triaged

Sep 25, 2020: Bug Accepted

Sep 25, 2020:

🎉 Nice catch! I’ve filed a bug based on your report.

The panel will evaluate it at the next VRP panel meeting and we’ll update you once we’ve got more information. All you need to do now is wait. If you don’t hear back from us in 2-3 weeks or have additional information about the vulnerability, let us know!

E…, Google Security Team

Sep 29, 2020: $ bounty awarded

Oct 13, 2020: Fixed by Google

Dip Not: There has been a brief confusion after being reported-
Google security team Martin solved the problem by intervening-
Thank you once again.

Thanks Google Web Security Team!

Hayat Paylaşınca Güzel: