Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/08/20 12:19 a.m.14 views

CVE-2025-9096

A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

5.1CVSS6.3AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/19 11:19 p.m.16 views

CVE-2025-9095

A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.1CVSS6.2AI score0.00233EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/08/18 12:30 a.m.7 views

ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js

A cross-site scripting XSS issue exists in ExpressGateway up to 1.16.10 in the REST endpoint implemented in lib/rest/routes/users.js. User-controlled input is reflected into the HTTP response without proper sanitization, allowing arbitrary JavaScript execution in the browser of a logged-in user w...

5.1CVSS4.2AI score0.00233EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/08/18 12:30 a.m.5 views

GHSA-XFP8-X3J6-H67V ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js

A cross-site scripting XSS issue exists in ExpressGateway ≤ 1.16.10 in lib/rest/routes/apps.js. User-controlled data returned by the REST endpoint is not sanitized before being rendered by the admin/UI layer, allowing an authenticated, low-privileged actor to store or reflect a payload that...

5.1CVSS4.3AI score0.00274EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/08/18 12:30 a.m.9 views

ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js

A cross-site scripting XSS issue exists in ExpressGateway ≤ 1.16.10 in lib/rest/routes/apps.js. User-controlled data returned by the REST endpoint is not sanitized before being rendered by the admin/UI layer, allowing an authenticated, low-privileged actor to store or reflect a payload that...

5.1CVSS4.3AI score0.00274EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.3 views

ExpressGateway express-gateway 代码注入漏洞

ExpressGateway express-gateway is an interface service of ExpressGateway open source. A code injection vulnerability exists in ExpressGateway express-gateway version 1.16.10 and earlier, which stems from a cross-site scripting flaw in the component REST Endpoint that can be exploited remotely by ...

5.1CVSS6.8AI score0.00274EPSS
Exploits0References6
CVE
CVE
added 2025/08/17 11:32 p.m.23 views

CVE-2025-9096

ExpressGateway (express-gateway) up to version 1.16.10 is affected by a Cross-Site Scripting (XSS) vulnerability in the REST Endpoint code, specifically lib/rest/routes/apps.js. The issue arises from an unknown function used in that component, enabling a remote attacker to inject and execute scri...

5.1CVSS6.2AI score0.00274EPSS
Exploits0References5
NVD
NVD
added 2025/08/17 11:15 p.m.4 views

CVE-2025-9095

A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.1CVSS0.00233EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/17 11:2 p.m.4 views

CVE-2025-9095 ExpressGateway express-gateway REST Endpoint users.js cross site scripting

A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.1CVSS6.1AI score0.00233EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/17 12:0 a.m.3 views

ExpressGateway express-gateway 代码注入漏洞

ExpressGateway express-gateway is an interface service of ExpressGateway open source. A code injection vulnerability exists in ExpressGateway express-gateway version 1.16.10 and earlier, which stems from cross-site scripting in the lib/rest/routes/users.js file...

5.1CVSS6.8AI score0.00233EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/17 12:0 a.m.5 views

PT-2025-33620 · Unknown · Express Gateway

Name of the Vulnerable Software and Affected Versions: ExpressGateway versions up to 1.16.10 Description: A flaw has been found in ExpressGateway affecting processing within the lib/rest/routes/users.js library of the REST Endpoint component. Manipulation of this component can lead to cross site...

5.1CVSS3.5AI score0.00233EPSS
Exploits0References12
Rows per page
Query Builder