This afternoon I remembered one of my Google XSSes and I want to publish it. When I found it, I reported it to the Google Security Team and they told me that it was a sandbox domain, so I wasn't eligible for a reward.
To reproduce it:
- Go to: https://www.google.com/producer/home
- Create a new edition (random values).
- Create a new section of articles.
- Create a new article inside of your new section.
- Type random values (as always), but type your XSS payload in the "Body" field or "Title" field.
- Publish the article and you will get your XSS alert.
YES! I will get the same XSS alert :D
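Why a value saved in the "Title" or "Body" field runs when the article is viewed, and what the rendering fix looks like, as an added example that is not from the original post or from Google's code. The article shape, the function names and the sample values are assumptions constructed for illustration.

```javascript
// Hypothetical article renderer: stored "title" and "body" are user-controlled.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored fields are concatenated into the page verbatim,
// so any markup saved with the article becomes part of the document.
function renderArticleUnsafe(article) {
  return `<article><h1>${article.title}</h1>` +
         `<div class="body">${article.body}</div></article>`;
}

// Hardened pattern: both fields are treated as text. Paragraph breaks in the
// body are rebuilt by the template from escaped text, never taken from input.
function renderArticleSafe(article) {
  const paragraphs = String(article.body)
    .split(/\r?\n\s*\r?\n/)
    .map((p) => p.trim())
    .filter((p) => p.length > 0)
    .map((p) => `<p>${escapeHtml(p)}</p>`)
    .join('');
  return `<article><h1>${escapeHtml(article.title)}</h1>` +
         `<div class="body">${paragraphs}</div></article>`;
}

// Regression check: after removing the tags the template itself emits,
// any remaining tag opener came from stored data.
function containsUnexpectedMarkup(html) {
  const templateTags = /<\/?(article|h1|p)>|<div class="body">|<\/div>/g;
  return /<[a-zA-Z\/!]/.test(html.replace(templateTags, ''));
}

// Constructed sample article with markup in both fields.
const sampleArticle = {
  title: 'Hello <script>alert(1)</script>',
  body: 'First paragraph\n\n<img src=x onerror=alert(1)>',
};

console.log('unsafe leaks markup:', containsUnexpectedMarkup(renderArticleUnsafe(sampleArticle)));
console.log('safe leaks markup:  ', containsUnexpectedMarkup(renderArticleSafe(sampleArticle)));
```

The check in `containsUnexpectedMarkup` can run in a test suite against every template that prints stored article fields, so an unescaped field is caught before it ships.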
A few images: