A security researcher discovered a backdoor vulnerability in LinkedIn's job application system that could allow attackers to inject malicious code through job offers. The vulnerability was found in how LinkedIn handled rich text content in job postings, potentially enabling cross-site scripting (XSS) attacks. The issue has been reported to LinkedIn's security team and has since been patched.
Background
Cross-site scripting (XSS) is a common web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. Major platforms like LinkedIn are frequent targets for such attacks due to their large user base.
- Source
- Hacker News (RSS)
- Published
- Jun 16, 2026 at 04:00 AM
- Score
- 7.0 / 10