Reflected XSS in LinkedIn

Posted by Elar Lang on Jul 25

Title: Reflected XSS in LinkedIn
Credit: Elar Lang / https://security.elarlang.eu
Vulnerability: Reflected XSS
Vendor: LinkedIn (https://www.linkedin.com/)

# Background

LinkedIn had a reflected XSS vulnerability. It was at the end of 2013. I
made full disclosure now (middle of 2016) to point out and bring
attention to one frequent finding in pen-test cases: the request URI from
a client (browser) is expected to always be in correct URL encoding on…