Security researcher David Sopas at WebSegura discovered a Reflected Filename Download vulnerability in the popular professional social network LinkedIn. He discovered the following XHR request on Google Inspector on LinkedIn: https://www.linkedin.com/countserv/count/share?url=||calc|| He discovered that the Url parameter wasnt validated and it was reflected on the request. He tried to download the file and rename it to.bat to execute the calculator from Windows.bat.”]
Source: https://securityaffairs.co/wordpress/40261/hacking/reflected-filename-download-linkedin.html