Computer Emergency Response Team of Mauritius (CERT-MU)

LinkedIn Fixes Persistent Cross Site Scripting (XSS) Vulnerability


Developers at LinkedIn fixed a persistent cross-site scripting (XSS) vulnerability in the social network this week that could have been exploited to spread a worm on the service's help forums. According to a security researcher, the issue existed in a portal on LinkedIn's Help Center site. To exploit the issue, a user would have had to sign in to LinkedIn, go to the site's Help forum and start a discussion. By entering a few lines of code, the researcher claims, an attacker could have executed script. Once the question was posted, it, along with the script execution, could be viewed immediately in Help Forum -> Your Discussions, in the public list of questions, or on the questions page of your tag. If an attacker had found a way to exploit the vulnerability, it could easily have been leveraged for an XSS worm.
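The advisory names three places where a posted question is rendered. The sketch below is an added example, not LinkedIn's code and not the researcher's proof of concept: it models a hypothetical forum that renders one stored discussion in those three views and checks that output encoding is applied at every one of them. The data model, view names and sample markup are constructed assumptions.

```javascript
// Added example: hypothetical forum model, not LinkedIn's code.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Identity "encoder": models a template that writes stored input as-is.
function raw(value) {
  return String(value);
}

// Constructed sample discussion; the markup stands in for member-supplied input.
const discussion = {
  tag: 'billing',
  title: 'Invoice question <script>alert(1)</script>',
  body: 'See <img src=x onerror=alert(1)> for details',
};

// The three views named in the advisory, each a separate output sink.
const views = {
  yourDiscussions: (d, enc) => `<li class="mine">${enc(d.title)}</li>`,
  publicList: (d, enc) => `<li><h3>${enc(d.title)}</h3><p>${enc(d.body)}</p></li>`,
  tagPage: (d, enc) =>
    `<section data-tag="${enc(d.tag)}"><a title="${enc(d.title)}">${enc(d.title)}</a></section>`,
};

// Return the names of views whose output still contains the sample's live markup.
// This regex checks only the constructed sample above; it is not a general XSS detector.
function viewsWithLiveMarkup(d, enc) {
  const live = /<script\b|<img\b[^>]*\bonerror\s*=/i;
  return Object.keys(views).filter((name) => live.test(views[name](d, enc)));
}

console.log('raw templates:    ', viewsWithLiveMarkup(discussion, raw));
console.log('encoded templates:', viewsWithLiveMarkup(discussion, escapeHtml));
```

The encoder here covers HTML text and quoted attribute contexts only; values written into script blocks, URLs or CSS need encoders for those contexts.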
 
Source: Threat Post
 
ZDNet
 
IT Security News
 
Team Cymru
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.