Google Play - Cross Site Scripting (XSS) Vulnerability

Vulnerability Type: Cross Site Scripting (XSS)

  • Reported on 16 July 3013
  • Fixed on 17 July 2013


Google recently changed its design of Google Play, which led to this XSS vulnerability.

Head to Google Play settings (

Change the nickname of your mobile to the XSS vector below:

"><img src=x onerror=prompt(1);>

and click on Update.

Now, go to any application page.

The XSS vector will execute-

Google rewarded me with 5000$ for reporting this vulnerability.
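The vector's leading `">` suggests the nickname was reflected inside a double-quoted attribute value without encoding. The following is an added example, not code from Google Play or from the original post, showing that rendering pattern beside a hardened form; the `<option>` template, the function names and the nickname allowlist are assumptions made for illustration.

```javascript
// Added example. The markup template and all function names are hypothetical;
// the post does not show Google Play's real page source.

// Constructed sample input: the vector quoted in the post.
const nickname = '"><img src=x onerror=prompt(1);>';

// Vulnerable pattern: the stored value is interpolated raw into an attribute
// and into element text, so `">` closes the attribute and the tag.
function renderUnsafe(name) {
  return `<option value="${name}">${name}</option>`;
}

// Output encoding for HTML text and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: encode at the point of output, every time.
function renderSafe(name) {
  const enc = escapeHtml(name);
  return `<option value="${enc}">${enc}</option>`;
}

// Defence in depth at write time: an assumed allowlist policy for nicknames.
function isValidNickname(name) {
  return /^[A-Za-z0-9 _-]{1,32}$/.test(name);
}

// Lists tag names in the output that the template itself did not emit.
function injectedTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags.map((t) => t.replace(/^<\/?/, '').toLowerCase())
             .filter((t) => t !== 'option');
}

console.log('unsafe :', renderUnsafe(nickname), injectedTags(renderUnsafe(nickname)));
console.log('safe   :', renderSafe(nickname), injectedTags(renderSafe(nickname)));
console.log('accepted on update?', isValidNickname(nickname));
```

Because the value is stored once and rendered on every application page, encoding belongs in the shared rendering path rather than only in the settings form.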

