graphql-playground

This is a repository for the GraphQL Playground, a development environment for building and testing GraphQL APIs. The repository contains several packages, including GraphQL Playground HTML, GraphQL Playground Express Middleware, GraphQL Playground Koa Middleware, and GraphQL Playground Hapi...

Exploit for Cross-site Scripting in Prisma Graphql-Playground-Html

This is a PoC exploit for CVE-2020-4038, an XSS Reflection attack vulnerability in the GraphQL Playground repository. The vulnerability is present in the graphql-playground-html package, which is used by several other packages, including graphql-playground-express, graphql-playground-koa,...

@awoyotoyin/ts-graphql-yoga-express-starter (=1.0.0), @botsbotsbots/api (>=0.1.0-latest.5b715197 <=0.1.0-latest.d90c50ea) +152 more potentially affected by CVE-2020-4038 via graphql-playground-html (>=1.4.1 <=1.6.19)

graphql-playground-html NPM version =1.4.1, =0.1.0-latest.5b715197, =0.1.0, =0.1.1, =1.0.0, =0.0.1-beta, =4.0.0, =1.0.0, =1.7.0, =1.8.81, =1.8.81, =1.8.80, =1.6.26, =1.8.175 and more Source cves: CVE-2020-4038 Source advisory: OSV:GHSA-4852-VRH7-28RF...

CVE-2020-4038 Reflected XSS in GraphQL Playground

GraphQL Playground graphql-playground-html NPM package before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...