This is a sandboxed domain, like googleusercontent, so not a bug. XSS on genius.com would be a vulnerability.