EUVD-2025-25106

Malicious code in bioql PyPI...

CVE-2025-9096

A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

GHSA-XFP8-X3J6-H67V ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js

A cross-site scripting XSS issue exists in ExpressGateway ≤ 1.16.10 in lib/rest/routes/apps.js. User-controlled data returned by the REST endpoint is not sanitized before being rendered by the admin/UI layer, allowing an authenticated, low-privileged actor to store or reflect a payload that...

CVE-2025-9096 ExpressGateway express-gateway REST Endpoint apps.js cross site scripting

A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-9096

ExpressGateway (express-gateway) up to version 1.16.10 is affected by a Cross-Site Scripting (XSS) vulnerability in the REST Endpoint code, specifically lib/rest/routes/apps.js. The issue arises from an unknown function used in that component, enabling a remote attacker to inject and execute scri...