LinkedIn Oncall XSS Vulnerability CVE-2021-26722 Scanner
Details
Stay Up To Date
Follow @secforeveryoneAsset Type
DOMAIN,IP,URL
Need Membership
Yes
Asset Verify
Yes
API Support
Yes
Estimate Time (Second)
30
LinkedIn Oncall XSS Vulnerability CVE-2021-26722 Scanner Detail
Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar.
Some Advice for Common Problems
Update your LinkedIn Oncall to the latest version to eliminate this vulnerability.
