Google Analytics XSS Vulnerability
Written by admin in Google, Vulnerabilities on Thu 03 February 2011. Tags: google analytics, google reward program, vulnerability, xss,
This post documents an XSS vulnerability I discovered in the event tracking functionality provided by Google Analytics. Given a website's Google account number (which can be found in the site source), one could spoof specially crafted events that, when clicked in the administrative interface, would run arbitrary Javascript in ...