EPSS
Percentile
32.7%
graphql-playground-react is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in onHasCompletion.js allowing an attacker to inject and execute malicious javascript.
onHasCompletion.js
github.com/graphql/graphiql/security/advisories/GHSA-x4r7-m2q9-69c8
github.com/graphql/graphql-playground/commit/b8a956006835992f12c46b90384a79ab82bcadad
github.com/graphql/graphql-playground/security/advisories/GHSA-59r9-6jp6-jcm7