A serious cross-site scripting (XSS) vulnerability on LinkedIn's website has been fixed within three hours. The vulnerability was discovered by security researcher Rohit Dua and detailed on the Full Disclosure mailing list. A lack of proper filtering meant that an attacker could enter characters into a question form to trick the website into executing a script. The malicious input would be saved on the discussion forum as a question, meaning other users seeking help could be impacted if their browser attempted to render pages containing the code. Dua received no financial reward for reporting the bug because LinkedIn runs a private bug bounty program.
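The stored-XSS pattern described above, shown as an added example rather than any code from the article or from LinkedIn: a hypothetical `QuestionForum` class saves posted question titles and renders them for other visitors, once without filtering and once with output encoding for the HTML body context.

```python
import html
from dataclasses import dataclass, field


@dataclass
class QuestionForum:
    """Hypothetical stand-in for a Q&A board that stores questions server-side."""
    questions: list = field(default_factory=list)

    def post_question(self, title: str) -> None:
        # Storing raw text is fine; the defence belongs at output time,
        # where the rendering context (HTML body) is known.
        self.questions.append(title)

    def render_unsafe(self) -> str:
        # Vulnerable: stored text is interpolated straight into HTML, so any
        # markup a poster typed becomes part of every viewer's page.
        return "".join(f"<li>{q}</li>" for q in self.questions)

    def render_safe(self) -> str:
        # Hardened: each stored question is HTML-escaped for the body context
        # before it reaches the page, so markup is shown as literal text.
        return "".join(
            f"<li>{html.escape(q, quote=True)}</li>" for q in self.questions
        )


# Constructed sample input: one ordinary question and one containing markup.
SAMPLE_QUESTIONS = [
    "How do I export my connections?",
    '<script>alert("stored xss")</script>',
]


def demo() -> tuple:
    """Return (unsafe_html, safe_html) for the constructed sample questions."""
    forum = QuestionForum()
    for q in SAMPLE_QUESTIONS:
        forum.post_question(q)
    return forum.render_unsafe(), forum.render_safe()


if __name__ == "__main__":
    unsafe, safe = demo()
    print("unsafe:", unsafe)
    print("safe:  ", safe)
```

A detection-side check is the same comparison: a response body that still contains the poster's raw `<script>` tag indicates the encoding step was skipped.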

