Cross-site scripting in Contentful

CERT-LatestNews ThreatsCybercrime
Description. The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of user-supplied data, as demonstrated by the api parameter to the-example-app.py.