Findings
POST based url-encoded query (possible CSRF)
Updated: June 19, 2025
Description
The GraphQL endpoint accepts non-JSON queries over POST.
Remediation
Ensure that the GraphQL API only accepts JSON encoded queries in the request body.
- Previous (Findings - Action based findings)
- Phrasing vulnerability
- Next (Findings - Action based findings)
- Prompt encoding vulnerability