Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py.
"https://github.com/pypa/advisory-database/blob/main/vulns/contentful/PYSEC-2026-626.yaml"