4 matches found
Security Bulletin: Dynamic XSS Vulnerability in GraphiQL via Malicious Schema Introspection Responses (Pre-v1.4.7) watsonx.data
Summary: All versions of GraphiQL before 1.4.7 are vulnerable to a dynamic XSS flaw triggered by malicious schema introspection responses or crafted type names, potentially allowing code injection during autocomplete—especially in custom setups where the schema endpoint can be user-controlled. Thi...
CVE-2021-41249
GraphQL Playground is a GraphQL IDE for development of GraphQL-focused applications. All versions of graphql-playground-react older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...
XSS vulnerability in GraphQL Playground from untrusted schemas
GraphQL Playground introspection schema template injection attack: Advisory Statement. This is a security advisory for an XSS vulnerability in graphql-playground. A similar vulnerability affects graphiql, the package from which graphql-playground was forked. There is a corresponding graphiql...
IBM Bladecenter Management - Multiple vulnerabilities
Exploit for php platform in category web applications. IBM Bladecenter Management - Multiple vulnerabilities. Application: IBM BladeCenter Management Module. Versions Affected: BPET48L and may ...