Share
## https://sploitus.com/exploit?id=0106C060-BA80-5225-AC3C-70135587E959
This repository is an offensive tool for GraphQL. It is a GraphQL IDE for better development workflows, featuring context-aware autocompletion and error highlighting, interactive, multi-column docs, and support for real-time GraphQL Subscriptions. The tool is vulnerable to an XSS Reflection attack, which was resolved in `graphql-playground-html@^1.6.22`. The impacted packages are `graphql-playground-html`, `graphql-playground-express`, `graphql-playground-koa`, and `graphql-playground-hapi`, which were vulnerable to the attack until the specified versions. The vulnerability allows for exfiltration of data or user credentials, or to disrupt systems, and was patched in the mentioned versions.