Cross-Site Scripting

2021-04-3017:27:53

Google

osv.dev

0.001 Low

EPSS

Percentile

37.5%

JSON

LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the “No results found for” message in the search bar.

CPENameOperatorVersion
oncalleq1.3.8
oncalleq1.4.0
oncalleq1.2.0
oncalleq1.3.9
oncalleq1.3.5
oncalleq1.3.4
oncalleq1.1.9
oncalleq1.1.3
oncalleq1.3.7
oncalleq1.1.4

Name	Operator	Version
oncall	eq	1.3.8
oncall	eq	1.4.0
oncall	eq	1.2.0
oncall	eq	1.3.9
oncall	eq	1.3.5
oncall	eq	1.3.4
oncall	eq	1.1.9
oncall	eq	1.1.3
oncall	eq	1.3.7
oncall	eq	1.1.4

Rows per page:

1-10 of 201

References

github.com/linkedin/oncall/commit/843bc106a1c1b1699e9e52b6b0d01c7efe1d6225

github.com/linkedin/oncall/issues/341

nvd.nist.gov/vuln/detail/CVE-2021-26722

pypi.org/project/oncall

0.001 Low

EPSS

Percentile

37.5%

JSON

Related for OSV:GHSA-RFW2-X9F8-2F6M