A security researchers that goes by the name ANTRAX, also an admin over at Underc0de.org, has contacted us with a vulnerability he found on Blogspot.com, which is owned by Google.
The exploit in question is a persistent XSS, which when exploited will be stored and executed every visit.
The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on “normal” pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read.