Advisory #60 - RyotaK's Vuln DB

Advisory #60

Title	GraphiQL introspection schema template injection attack
CVE ID	CVE-2021-41248
Vendor	GraphQL Foundation
Affected product	GraphiQL
Affected versions	0.5.0 - 1.4.6
Vulnerability type	CWE-79 (Cross-site Scripting)
Description	GraphiQL has a cross-site scripting vulnerability, which allows a malicious schema to execute arbitrary JavaScripts.
Status	Fixed in 1.4.7
Recommendation	Update to 1.4.7 or above.