{"id":"PYSEC-2021-33","details":"LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the \"No results found for\" message in the search bar.","aliases":["CVE-2021-26722","GHSA-rfw2-x9f8-2f6m"],"modified":"2023-11-08T04:05:22.282119Z","published":"2021-02-05T18:15:00Z","references":[{"type":"REPORT","url":"https://github.com/linkedin/oncall/issues/341"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-rfw2-x9f8-2f6m"}],"affected":[{"package":{"name":"oncall","ecosystem":"PyPI","purl":"pkg:pypi/oncall"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.1"}]}],"versions":["1.1.2","1.1.3","1.1.4","1.1.5","1.1.7","1.1.8","1.1.9","1.1.10","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/oncall/PYSEC-2021-33.yaml"}}],"schema_version":"1.7.3"}