
22 matches found

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-25106

Malicious code in bioql PyPI...

CVSS 5.1, AI score 4.6, EPSS 0.00018
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-25146

Malicious code in bioql PyPI...

CVSS 5.1, AI score 4.6, EPSS 0.00059
Exploits: 0, References: 7

Veracode
added 2025/09/10 6:00 a.m., 2 views

Cross-Site Scripting (XSS)

express-gateway is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling in lib/rest/routes/users.js of the REST Endpoint, which allows an attacker to execute malicious scripts remotely...

CVSS 5.1, AI score 6.6, EPSS 0.00059
Exploits: 0, References: 6, Affected Software: 1

Veracode
added 2025/09/10 5:59 a.m., 2 views

Cross-Site Scripting (XSS)

express-gateway is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling in the REST Endpoint lib/rest/routes/apps.js, which allows an attacker to remotely inject and execute malicious scripts...

CVSS 5.1, AI score 6.5, EPSS 0.00018
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2025/08/18 12:30 a.m., 2 views

GHSA-Q4RG-7CJJ-5R86 ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js

A cross-site scripting (XSS) issue exists in ExpressGateway up to 1.16.10 in the REST endpoint implemented in lib/rest/routes/users.js. User-controlled input is reflected into the HTTP response without proper sanitization, allowing arbitrary JavaScript execution in the browser of a logged-in user w...

CVSS 5.1, AI score 4.2, EPSS 0.00059
Exploits: 0, References: 7

NVD
added 2025/08/18 12:15 a.m., 4 views

CVE-2025-9096

A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVSS 5.1, EPSS 0.00018
Exploits: 0, References: 5

vulnersOsv
added 2025/08/17 11:42 p.m., 4 views

aella-gateway-admin (>=1.0.5 <=1.0.9), angus-router (>=0.1.0 <=0.1.4) +5 more potentially affected by CVE-2025-9096 via express-gateway (=1.16.11)

express-gateway NPM version =1.16.11 is affected by a known vulnerability. The following packages have a transitive dependency on express-gateway and may be impacted: - aella-gateway-admin =1.0.5, =0.1.0, =1.0.0, =0.0.1, =0.0.5, =0.0.6 - factoria.rae.identity =1.0.0 - wawole-gateway =1.0.0 Source...

CVSS 5.1, AI score 5.8, EPSS 0.00018
Exploits: 0

Snyk
added 2025/08/17 11:42 p.m., 1 view

Cross-site Scripting (XSS)

Overview: express-gateway is a microservices API gateway built on top of ExpressJS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to a lack of input validation and output sanitization when handling user and application creation (POST /) and update (PUT /:id)...

CVSS 5.1, AI score 5.5, EPSS 0.00059
Exploits: 0, References: 2

Snyk
added 2025/08/17 11:42 p.m., 2 views

Cross-site Scripting (XSS)

Overview: express-gateway is a microservices API gateway built on top of ExpressJS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /users/:id and /apps/:id routes, where unsanitized user-supplied input (req.params.id) is directly embedded into the server's...

CVSS 5.1, AI score 5.5, EPSS 0.00018
Exploits: 0, References: 2

vulnersOsv
added 2025/08/17 11:42 p.m., 5 views

aella-gateway-admin (>=1.0.5 <=1.0.9), angus-router (>=0.1.0 <=0.1.4) +5 more potentially affected by CVE-2025-9095 via express-gateway (=1.16.11)

express-gateway NPM version =1.16.11 is affected by a known vulnerability. The following packages have a transitive dependency on express-gateway and may be impacted: - aella-gateway-admin =1.0.5, =0.1.0, =1.0.0, =0.0.1, =0.0.5, =0.0.6 - factoria.rae.identity =1.0.0 - wawole-gateway =1.0.0 Source...

CVSS 5.1, AI score 5.8, EPSS 0.00059
Exploits: 0

Vulnrichment
added 2025/08/17 11:32 p.m., 2 views

CVE-2025-9096 ExpressGateway express-gateway REST Endpoint apps.js cross site scripting

A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVSS 5.1, AI score 6.2, EPSS 0.00018
Exploits: 0, References: 5

Cvelist
added 2025/08/17 11:32 p.m., 9 views

CVE-2025-9096 ExpressGateway express-gateway REST Endpoint apps.js cross site scripting

A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVSS 5.1, EPSS 0.00018
Exploits: 0, References: 5

CVE
added 2025/08/17 11:02 p.m., 15 views

CVE-2025-9095

Summary: CVE-2025-9095 affects ExpressGateway up to 1.16.10. The issue resides in the REST Endpoint component, specifically the library file lib/rest/routes/users.js, where user-controlled input can cause cross-site scripting. The vulnerability can be triggered remotely and has publicly disclosed...

CVSS 5.1, AI score 3.6, EPSS 0.00059
Exploits: 0, References: 5

Cvelist
added 2025/08/17 11:02 p.m., 9 views

CVE-2025-9095 ExpressGateway express-gateway REST Endpoint users.js cross site scripting

A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS 5.1, EPSS 0.00059
Exploits: 0, References: 5

Positive Technologies
added 2025/08/17 12:00 a.m., 4 views

PT-2025-33621 · Unknown · Express Gateway

Name of the Vulnerable Software and Affected Versions: ExpressGateway versions up to 1.16.10. Description: A vulnerability exists in ExpressGateway, specifically within the lib/rest/routes/apps.js component's REST Endpoint. The issue involves an unknown function and allows for cross-site scripting...

CVSS 5.1, AI score 3.8, EPSS 0.00018
Exploits: 0, References: 11

RedhatCVE
added 2025/05/22 3:28 p.m., 3 views

CVE-2020-29579

The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access...

CVSS 10, AI score 7.3, EPSS 0.02074
Exploits: 0

NVD
added 2020/12/08 4:15 p.m., 6 views

CVE-2020-29579

The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access...

CVSS 10, AI score 9.6, EPSS 0.02074
Exploits: 0, References: 1

OSV
added 2020/12/08 4:15 p.m., 2 views

CVE-2020-29579

The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access...

CVSS 9.8, AI score 7.3, EPSS 0.02074
Exploits: 0, References: 1

Prion
added 2020/12/08 4:15 p.m., 12 views

Default credentials

The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access...

CVSS 10, AI score 9.5, EPSS 0.02074
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/12/08 3:05 p.m., 12 views

CVE-2020-29579

The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access...

AI score 9.7, EPSS 0.02074
Exploits: 0, References: 1