Google has paid a researcher $5000 for a cross-site scripting (XSS) vulnerability in the Google domain.
"This exploit does not require any user interaction, it's just a matter of clicking on a URL."
He said the vulnerability was fixed within days and offered steps to reproduce the XSS on his blog.
Cross-site scripting attacks were common and involved malicious scripts injected into web sites. They could occur whereever web applications incorporated user input in generated output without validation.