CVE-2021-41249
All sources describe a GraphQL Playground XSS in graphql-playground-react older than v1.7.28. The vulnerability arises from compromised HTTP introspection responses or schema prop values containing malicious GraphQL type names, enabling dynamic XSS and potential code execution when a user loads a...