How I Found a Stored XSS on Google Books

Sokol Çavdarbasha
2 min read · Sep 18


Hello Hackers, I’m Sokol Çavdarbasha, I’m 20 years old, from Kosovo, and welcome to my first story about a vulnerability that I found on Google Books.

Great. Now that we’re done with that, we can get to the real thing this article’s about.

One day I decided to hunt for vulnerabilities on Google. I was looking to find XSS (Cross-Site Scripting). So I started to dig in, and I was focused on Google Books.

So I thought, why not try here for XSS, and I typed the following payload in the search bar: "><img src=x onerror=alert(1)>, and I got a book that another Security Researcher uploaded it to

So I pressed the “Preview” button and the XSS got triggered.

XSS Trigger

The XSS triggered successfully, so I quickly reported it to Google VRP Team at, and they responded quickly with a …

Google Response

I was so happy that I got a “Nice catch” response from Google VRP Team with Priority P1 and Severity S1, and got rewarded $XXXX, as this is my first valid bug that I reported to Google.


I hope that you enjoyed reading this article and sorry if there are things that are not clear.

Thanks for Reading : )


Sokol Çavdarbasha.

