The professional social networking giant LinkedIn is affected by multiple reflected cross-site scripting vulnerabilities. An attacker can inject HTML or script code in the context of a victim's browser, and so perform XSS attacks and steal a targeted user's cookies, according to a posting on the Full Disclosure mailing list.
Cross-site scripting (also known as XSS or CSS) is generally believed to be one of the most common application-layer hacking techniques. It is the third vulnerability listed in the OWASP Top 10 2013.
Eduardo Garcia Melia reported four XSS flaws starting from December 2012. The last XSS flaw in LinkedIn was fixed yesterday.
LinkedIn is a social networking service and website that operates the world's largest professional network on the Internet, with more than 187 million members in over 200 countries and territories.
A proof of concept for the XSS flaw can be found here.