LinkedIn Program Statistics



52 total issues disclosed

$0 total paid publicly

Most disclosed (14 disclosures) — Insecure Direct Object Reference (IDOR)



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Access to Deactivated LinkedIn Company Pages via Competitor Analytics API | Insecure Direct Object Reference (IDOR) | riadalrashed | Medium | 2026-03-24 |
| Session Cookie Leakage via Static Header Field in WebViewerFragment | Misconfiguration | dphoeniixx | High | 2026-03-17 |
| IDOR to make someone attend or leave an event | Insecure Direct Object Reference (IDOR) | safehacker_2715 | Medium | 2026-03-06 |
| Blocking a company page admin prevents him from deleting paid media admin or editing his roles | Improper Access Control - Generic | riadalrashed | Medium | 2026-03-05 |
| Previous commenter on post can still comment even after comment permission is changed to disabled | Improper Access Control - Generic | allenjo | Low | 2026-02-03 |
| Improper Access Control - Access to "Active Hiring" (Premium feature) filter results | Improper Access Control - Generic | minex627 | Medium | 2026-02-03 |
| HTML Injection in LinkedIn Premium Support Chat | None supplied | nagu123 | Low | 2025-05-07 |
| Forced OAuth authorization using button ID in hash and holding space | Improper Authentication - Generic | j0r1an | Medium | 2024-12-17 |
| Can see phone numbers of others by providing mail address | Information Disclosure | sevada797 | High | 2024-11-13 |
| Attackers can *Upgrade and claim offer* on the Premium Trial Subscription with a total price of *IDR0.00* from the original *IDR7,022,061.82* | Business Logic Errors | find_me_here | High | 2024-06-18 |
| An attacker can submit arbitrary projects to their service accounts and obtain full information on projects of other users. | Insecure Direct Object Reference (IDOR) | marvelmaniac | High | 2024-03-12 |
| Stored XSS on LinkedIn App via iframe tag in Article | Cross-site Scripting (XSS) - Stored | domg | Critical | 2024-02-28 |
| Employee-only Area Bypass | Improper Access Control - Generic | m0ntriz | Medium | 2024-02-19 |
| HTML injection in event description | Improper Input Validation | khaledx | Low | 2024-01-29 |
| Users can access exams in course without having to subscribe to PREMIUM | Improper Access Control - Generic | find_me_here | Medium | 2024-01-10 |
| User Details Can Be Disclosed Even If The Account Is In Hibernation State | Information Disclosure | tushar6378 | Low | 2023-12-06 |
| CSRF that makes any LinkedIn user follow attacker-controlled accounts by simply clicking https://www.linkedin.com/comm/mynetwork/discovery-see-all/* | Cross-Site Request Forgery (CSRF) | marvelmaniac | Medium | 2023-12-06 |
| CSRF that makes any user send invitations to the attacker by simply clicking on a link. | Cross-Site Request Forgery (CSRF) | marvelmaniac | Medium | 2023-12-06 |
| Deny Admin from Editing LinkedIn Company Page using Gen Form Visibility via POST /voyager/api/voyagerOrganizationDashCompanies/{id} | Improper Access Control - Generic | domg | Medium | 2023-10-19 |
| HTML injection in Company Name or Product Name, which can be shown on Contact Sales form | None supplied | domg | Low | 2023-10-18 |
| [ADMIN FEATURE ACCESS] Knowing The Competitors analytics of any company | Insecure Direct Object Reference (IDOR) | poneglyph | Medium | 2023-10-05 |
| Attackers can create unlimited jobs by paying a low price `( Rp. 10,000 )` from the original lowest price of around **Rp 93,151** | Insecure Direct Object Reference (IDOR) | find_me_here | Medium | 2023-09-29 |
| Can VIEW Videos on LinkedIn Learning that Require a Subscription Without having to Subscribe Via `SHARE features` | Privilege Escalation | find_me_here | Medium | 2023-09-25 |
| LinkedIn users' primary email + full name visibility | Information Disclosure | headhunter | High | 2023-09-25 |
| HTTP Request Smuggling (CL.0) leads to mass redirect of users to attacker server without user interaction | HTTP Request Smuggling | vampirex | High | 2023-09-25 |
| Access to resumes applied through LinkedIn Jobs | Information Disclosure | headhunter | Critical | 2023-09-22 |
| An Attacker Can Flag Draft Job Posts And Can Disclose The Draft Job Posts Details [Similar to #1581528 Resolved Report] | Business Logic Errors | tushar6378 | Medium | 2023-08-24 |
| Attackers can use TRIAL Premium only by paying **IDR 10,000.00** from the original price of `IDR462,400.00` per month | Insecure Direct Object Reference (IDOR) | find_me_here | High | 2023-08-24 |
| An Unverified User Can Post Newsletter (Which Is Not Allowed Through Application UI) | Business Logic Errors | tushar6378 | Low | 2023-08-24 |
| IDOR allows an attacker to delete anyone's featured photo. | Insecure Direct Object Reference (IDOR) | adilnbabras | Medium | 2023-08-24 |
| Improper access control on LinkedIn Page | Improper Access Control - Generic | dr_nimishadavis | Low | 2023-08-24 |
| Bypass two-factor authentication | Improper Authentication - Generic | spaceboy20 | Medium | 2023-08-01 |
| Ad Account Takeover | Privilege Escalation | them4les_l1r | Critical | 2023-07-20 |
| "See who's interested in working for your company" - security issue | Information Disclosure | headhunter | Medium | 2023-06-21 |
| Entire database of emails exposed through URN injection | Code Injection | ultrapowa | Medium | 2023-05-22 |
| Anyone can view the results of LinkedIn skill test - if failed to earn a badge or if the badge earned is kept private: in both cases results can be viewed | Insecure Direct Object Reference (IDOR) | marvelmaniac | Medium | 2023-05-17 |
| [Continuation Report from #1814842] Can create articles using other users' Newsletters | Insecure Direct Object Reference (IDOR) | find_me_here | Medium | 2023-05-15 |
| Attacker can unpin posts from companies he's not part of. | None supplied | spaceboy20 | Low | 2023-05-12 |
| Attackers do not need to Pay for a Subscription to get the `Discussion Group URL` in `Paid Learning` | Insecure Direct Object Reference (IDOR) | find_me_here | Medium | 2023-05-12 |
| Delete any LinkedIn comment on learning API of other users | Improper Access Control - Generic | encodedguy | Medium | 2023-05-12 |
| Information disclosure by sending a GIF | Client-Side Enforcement of Server-Side Security | qualw1n | Medium | 2023-04-28 |
| Can delete other users' posts and company page posts | Improper Access Control - Generic | anandpingsafe | No rating | 2023-04-11 |
| Unauthorized User can View Subscribers of Other Users' Newsletters | Insecure Direct Object Reference (IDOR) | tushar6378 | High | 2023-03-29 |
| Unauthorized access to resumes stored on LinkedIn | Insecure Direct Object Reference (IDOR) | headhunter | High | 2022-12-07 |
| Campaign Account Balance and History Disclosed in API Response | Insecure Direct Object Reference (IDOR) | sachin_kr | Medium | 2022-11-30 |
| IDOR - Delete technical skill assessment result & Gained Badges result of any user | None supplied | sachin_kr | Medium | 2022-10-05 |
| Privilege Escalation - "Analyst" Role Can View Email Domains of a Company - [GET /voyager/api/voyagerOrganizationDashEmailDomainMappings] | Privilege Escalation | naaash | Medium | 2022-08-26 |
| Can access the job name, creator name and can report any draft/under review/rejected job | Insecure Direct Object Reference (IDOR) | sachin_kr | Medium | 2022-07-20 |
| Add me email address authentication bypass | None supplied | raajeevrathnam | No rating | 2022-07-15 |
| Rate limit bypass on contact-us through IP Rotator (Burp extension) (https://www.linkedin.com/help/linkedin/solve/contact) | None supplied | sachinrajput | No rating | 2022-06-15 |
| The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more su | Improper Restriction of Authentication Attempts | suryasnn | Medium | 2022-06-15 |
| Persistent XSS (unvalidated Open Graph embed) at LinkedIn.com | None supplied | jonathanbouman | No rating | 2018-10-18 |