Hello world! I hope everyone is doing well during this pandemic and is making full use of the time to learn new things. This is the story of a bug that could be used to attack the users of almost any company, even the big ones like Facebook, Google and Microsoft. To understand how it all began, we need to start from scratch.
This uXSS attack was found by RajputHacker and his Russian friend!
Microsoft Edge's auto-translation has access to every page the browser renders. Whenever a page is translated, the translated text is written back into the page, and any "<" tags it contains are interpreted as markup instead of text; that is where the problem occurs. The translator does not check where the text came from or what it contains; it simply tries to translate everything on the page.

The internal translator that comes pre-installed with Microsoft Edge had vulnerable code: it took the text of the page, including any HTML tags such as "><img ...> that appeared in that text, and wrote it back into the page without sanitising the input or converting the translated payload to plain text. So a string like "><img src=x onerror=alert(1)> sitting in the text of a page was, after translation, inserted as real HTML and executed as JavaScript. There was no validation step that either sanitised the output or converted the whole DOM to text before processing it for translation.


Below is the affected code snippet; it seems that startPageTranslation is the affected function.

Now Comes The Special Part Of This Blog: Description Of The Vulnerability, Exploitation And Steps To Reproduce

Vulnerability Name — uXSS (Universal Cross-Site Scripting)

Description Of Vulnerability 

Unlike common XSS attacks, uXSS is a type of attack that exploits client-side vulnerabilities in the browser itself or in browser extensions in order to create an XSS condition and execute malicious code. Because the bug lives in the browser rather than in one website, it is not tied to any single origin: when such a vulnerability is found and exploited, the behaviour of the browser is affected and its security features may be bypassed or disabled on any site.

Steps To Reproduce -

1- Download the POC.html file from the code snippet above, or copy-paste the code into a file, name it POC.html and save it

2- Start a Python web server on localhost in the same folder where your POC file is located, using the command given below (binding port 80 needs administrator/root privileges; if you do not have them, use another port such as 8000 and adjust the URL in step 3 accordingly)

python3 -m http.server 80

3- Open Microsoft Edge (Version 91.0.864.48 (Official build) (arm64)) and visit http://localhost/POC.html

Most probably, by the time you read this article Edge has already been updated to a patched version, which is why you may not be able to reproduce it

4- The translator will show a message saying that this page is in another language and asking whether you would like to translate it; click the Translate button

5- Boom, you get alert(1)

Please Note- The reason we spin up a Python server even for a plain HTML file is simple: sometimes the translator prompt does not show up when the HTML file is just opened directly from disk, maybe because document.location is then a file:// URL rather than an http:// one.

Two Conditions For Remote Exploit →

1- The victim should be using Microsoft Edge

2- The victim should have auto-translate on (or accept the translate prompt)

Impact -

We Can Summarise The Impact In The Four Statements Given Below

1- Any page reflecting "><img src=x onerror=alert(1)> (or any other XSS payload) is vulnerable; we just need the payload to be reflected somewhere in the page text, it does not matter whether the site itself escaped it

2- Any person from another country (who does not know English) reading about XSS on an English site is vulnerable, because he will translate the page and the XSS will pop up

3- All users of Edge are vulnerable to an XSS that can trigger on any website

4- Any person who receives an email or message whose content is in a different language and contains an XSS payload is vulnerable

There are so many possibilities with this attack vector

This is why the vulnerability is known as Universal XSS
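The following is an added example, not code from the original post and not Microsoft Edge's translator: a toy model of a page translator that pulls the text of each node out of the page, sends it off for translation and writes the result back. It illustrates both the root cause described earlier (the translated string being treated as HTML rather than text) and the impact statement above that a site which correctly escapes the payload is still affected. The sample page, the fakeTranslate stand-in and all function names are assumptions made for the example.

```javascript
// Constructed sample page (assumption for this example): a Russian sentence
// followed by the post's payload, HTML-escaped the way a well-behaved site
// (a profile name, a review, a comment) would reflect it. As served, it is
// harmless: the browser shows the payload as literal text.
const SAMPLE_PAGE =
  '<p lang="ru">Привет, мир! &quot;&gt;&lt;img src=x onerror=alert(1)&gt;</p>';

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Reverse of escapeHtml for the five entities above; &amp; is decoded last so
// that "&amp;lt;" becomes "&lt;" and not "<".
function decodeEntities(s) {
  return s
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&amp;/g, '&');
}

// What the browser's DOM hands a translator: the decoded text of each text
// node. A real implementation walks the DOM; this regex split is enough for
// the constructed sample, which has no nested markup.
function textNodesOf(html) {
  return html
    .split(/<[^>]*>/)
    .map((t) => t.trim())
    .filter((t) => t.length > 0)
    .map(decodeEntities);
}

// Stand-in for the translation service (assumption: a real service returns a
// string in the target language; here the text is only tagged so we can see
// that it went through the service unchanged).
function fakeTranslate(text) {
  return '[translated] ' + text;
}

// Vulnerable write-back: the translated string is dropped into markup as-is,
// the equivalent of element.innerHTML = translated. Text that arrived as
// "&lt;img ...&gt;" comes back out as a live <img> tag with an onerror handler.
function renderTranslatedUnsafe(nodeText) {
  return '<span class="translated">' + fakeTranslate(nodeText) + '</span>';
}

// Hardened write-back: whatever the service returns is escaped first, the
// equivalent of element.textContent = translated. Markup in the text stays text.
function renderTranslatedSafe(nodeText) {
  return '<span class="translated">' + escapeHtml(fakeTranslate(nodeText)) + '</span>';
}

// The same two choices at the real DOM sink. Accepts any object with these two
// properties, so it can be exercised without a browser.
function writeBack(element, translated, safe) {
  if (safe) {
    element.textContent = translated; // cannot create elements or handlers
  } else {
    element.innerHTML = translated;   // parsed as HTML: the bug class
  }
}

// Crude check used to compare the two outputs: is there a real tag carrying an
// on* event handler attribute in this markup?
function hasEventHandlerTag(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Run the constructed page through both pipelines and report what each produces.
function demo() {
  return textNodesOf(SAMPLE_PAGE).map((t) => ({
    original: t,
    unsafe: renderTranslatedUnsafe(t),
    safe: renderTranslatedSafe(t),
    unsafeHasHandler: hasEventHandlerTag(renderTranslatedUnsafe(t)),
    safeHasHandler: hasEventHandlerTag(renderTranslatedSafe(t)),
  }));
}

console.log(JSON.stringify(demo(), null, 2));
```

The point to notice is the order of operations: the site already did the right thing by escaping the payload, and the browser's DOM then hands the translator the decoded text, so it is the translator's write-back that undoes the site's escaping. That is why reflection of the payload as plain text is enough, however careful the site is, and why the fix has to be on the browser side, where the translated string must be written back as text (or sanitised) rather than parsed as HTML.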

Now How We Could Have Hacked Google & Facebook

Facebook → we created a profile whose name was in a different language plus an XSS payload, and sent a friend request to the victim (who was using Edge); as soon as he checked our profile he got hacked (the XSS popped up because of auto-translation)


Google → we wrote a review on Google for a company, HackENews, in a different language plus an XSS payload; any person browsing that review link in Edge got hacked (the XSS popped up because of auto-translation)

YouTube → we created a YouTube video and posted a comment containing an XSS payload plus text in a different language; anyone viewing that video in Edge got hacked (the XSS popped up because of auto-translation)

YOUTUBE AND GOOGLE HAVE THE SAME POC VIDEO

Windows Store application → we found that web-based applications from the Windows Store (for example Instagram) are also vulnerable to this attack, as the Windows Store ships these applications with the same Microsoft Edge translator that was responsible for triggering the uXSS (Universal XSS) attack.

Timeline

3rd June 2021 : Report sent To Microsoft
7th June 2021 : Reply from Microsoft Reviewing
8th June 2021 : Additional Impact Information Sent
15th June 2021 : Report Triaged
17th June 2021 : Awarded $20000 bounty
19th June 2021 : Pre-Release Patch
24th June 2021 : Patch Update Pushed & CVE ASSIGNED As CVE-2021-34506


Sources and other Details:-
I have attached the Bug Bounty program link, in case you find one!