Grammarly: Config override using non-validated query parameter allows at least reflected XSS by injecting configuration into state

Hi, First, I just want to say after spending a few days on your assets that I'm really impressed by the high security standard of the apps exposed. It has not been easy to find issues. I really like the way you've structured your API-routes in a way that almost eliminates a bunch of access issues...