Google has patched a cross-site scripting vulnerability in one of its Web-hosting services.

If left unpatched, the cross-site scripting (XSS) vulnerability could have allowed hackers to modify third-party Google documents and spreadsheets and to view e-mail subjects and search history, according to the Google Blogoscoped blog.

Story at news.com.com