Stored XSS on LinkedIn App via iframe tag in Article
Critical
LinkedIn
Team Summary
Official summary from LinkedIn
A stored XSS issue was reported on “LinkedIn Article” where a malicious JavaScript (JS) payload can be embedded in the URL field of an iframe. When such an article gets published and accessed on the LinkedIn Mobile App, the malicious JS would get executed in the victim’s context. Upon receiving this report, we resolved it on a priority basis and paid the researcher a bounty.
Reported by
domg
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Stored
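
A server-side check for the iframe URL field described in the summary, as an added example that is not LinkedIn's fix or code from the report. The report does not say which URL form carried the payload, so this sketch assumes a scheme and host allowlist; `safeEmbedSrc`, `renderEmbed` and the hosts in `ALLOWED_EMBED_HOSTS` are hypothetical.

```javascript
// Added example (not from the report): validate an article's iframe URL
// before it is stored or rendered. Hosts below are placeholders.
const ALLOWED_EMBED_HOSTS = new Set(["player.example.com", "slides.example.org"]);

// Returns the normalized URL string, or null if the value must be rejected.
function safeEmbedSrc(raw) {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  let url;
  try {
    // Parse with the same WHATWG algorithm clients use, so tabs, newlines and
    // leading whitespace are stripped before the scheme is inspected.
    // No base URL is given: relative and scheme-relative values throw.
    url = new URL(raw);
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;        // blocks javascript:, data:, http:, ...
  if (url.username || url.password) return null;     // blocks allowed-host@other-host tricks
  if (url.port !== "") return null;                  // default port only
  if (!ALLOWED_EMBED_HOSTS.has(url.hostname)) return null;
  return url.href;                                    // emit the parsed form, never the raw input
}

// Minimal HTML attribute escaping, applied even though href is already normalized.
function escapeAttr(value) {
  return value
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Renders the embed, or nothing at all when the URL fails validation.
function renderEmbed(raw) {
  const src = safeEmbedSrc(raw);
  if (src === null) return "";
  // sandbox without allow-same-origin keeps framed content in an opaque origin.
  return `<iframe src="${escapeAttr(src)}" sandbox="allow-scripts" referrerpolicy="no-referrer"></iframe>`;
}

// Constructed sample inputs.
const samples = ["https://player.example.com/embed/42", "javascript:alert(1)", "//player.example.com/x"];
for (const s of samples) console.log(JSON.stringify(s), "->", safeEmbedSrc(s));
```

Every client that displays the article, mobile WebViews included, should render only the value this check returns, since a URL that is harmless in one renderer can still execute in another.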