Hosein)root Discovers XSS Vulnerability on Google Earth
On 25 November Hosein)root who asked ICNA publish his true name as Amir Hossein Sharbati on CXSecurity and some other places published his XSS vulnerability that he discovered in Google Earth. The vulnerability is of this nature that if KML for upload is enabled, uploading a malicious KML file means user’s system is vulnerable to this type of attacks.
You can see the video of it at https://youtu.be/YcY5nPd3bAo and the original post about it is available from CXSecurity here https://cxsecurity.com/issue/WLB-2017110140.