graphql-playground
Description

This repository is an offensive tool for GraphQL. It is a GraphQL IDE for better development workflows, featuring context-aware autocompletion and error highlighting, interactive, multi-column docs, and support for real-time GraphQL Subscriptions. The tool is vulnerable to a reflected XSS attack, which was resolved in graphql-playground-html@^1.6.22. The impacted packages are graphql-playground-html, graphql-playground-express, graphql-playground-koa, and graphql-playground-hapi, which were vulnerable to the attack until the specified versions. The vulnerability allows exfiltration of data or user credentials, or disruption of systems, and was patched in the mentioned…
