Cross-Site Search (XS-Search) Vulnerability in Google Monorail

Cross-Site Search (XS-Search) Vulnerability in Google Monorail

CVE-2018-19335 · LOW Severity

AV:N/AC:H/AU:N/C:P/I:N/A:N

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.

Learn more about our Web Application Penetration Testing UK.