Developers at LinkedIn fixed a persistent cross-site scripting (XSS) vulnerability in the social network this week that could have been exploited to spread a worm on the service’s help forums. According to a security researcher, the issue existed in a portal on LinkedIn’s Help Center site. To exploit the issue, a user would have had to sign in to LinkedIn, go to the site’s Help forum and start a discussion. By entering a few lines of code, the researcher claims, an attacker could have executed script. Once the question was posted, it, along with the script execution, could be viewed immediately in Help Forum -> Your Discussions, in the public list of questions, or on the questions page of your tag. If an attacker had found a way to exploit the vulnerability, it could easily have been leveraged for an XSS worm.
Source:
Threat Post
ZDNet
IT Security News
Team Cymru
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis