Business networking site LinkedIn has a cross site scripting (XSS) vulnerability fixed in the website. Security Expert Rohit Dua from India Wednesday posted a message about the leak on Full Disclosure. LinkedIn Help forum did not have adequate security, the profile pages of LinkedIn were not vulnerable.
To exploit the vulnerability must be a user logged in. When starting a discussion on the Help pages, it was possible for an attacker to execute code in the form fields. The code then implemented, was also open to non-visitors.
LinkedIn has vulnerability - with the help of Dua - rectified within three hours, writes Threat Mail. According been a spokesman for LinkedIn are private data of users at no time in danger and there is no abuse of the vulnerability.
No comments:
Post a Comment