CVE-2025-9096

A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-9095

A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

GHSA-XFP8-X3J6-H67V ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js

A cross-site scripting XSS issue exists in ExpressGateway ≤ 1.16.10 in lib/rest/routes/apps.js. User-controlled data returned by the REST endpoint is not sanitized before being rendered by the admin/UI layer, allowing an authenticated, low-privileged actor to store or reflect a payload that...

ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js

A cross-site scripting XSS issue exists in ExpressGateway ≤ 1.16.10 in lib/rest/routes/apps.js. User-controlled data returned by the REST endpoint is not sanitized before being rendered by the admin/UI layer, allowing an authenticated, low-privileged actor to store or reflect a payload that...

ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js

A cross-site scripting XSS issue exists in ExpressGateway up to 1.16.10 in the REST endpoint implemented in lib/rest/routes/users.js. User-controlled input is reflected into the HTTP response without proper sanitization, allowing arbitrary JavaScript execution in the browser of a logged-in user w...

ExpressGateway express-gateway 代码注入漏洞

ExpressGateway express-gateway is an interface service of ExpressGateway open source. A code injection vulnerability exists in ExpressGateway express-gateway version 1.16.10 and earlier, which stems from a cross-site scripting flaw in the component REST Endpoint that can be exploited remotely by ...

CVE-2025-9096

ExpressGateway (express-gateway) up to version 1.16.10 is affected by a Cross-Site Scripting (XSS) vulnerability in the REST Endpoint code, specifically lib/rest/routes/apps.js. The issue arises from an unknown function used in that component, enabling a remote attacker to inject and execute scri...

CVE-2025-9095

A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVE-2025-9095 ExpressGateway express-gateway REST Endpoint users.js cross site scripting

A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

ExpressGateway express-gateway 代码注入漏洞

ExpressGateway express-gateway is an interface service of ExpressGateway open source. A code injection vulnerability exists in ExpressGateway express-gateway version 1.16.10 and earlier, which stems from cross-site scripting in the lib/rest/routes/users.js file...

PT-2025-33620 · Unknown · Express Gateway

Name of the Vulnerable Software and Affected Versions: ExpressGateway versions up to 1.16.10 Description: A flaw has been found in ExpressGateway affecting processing within the lib/rest/routes/users.js library of the REST Endpoint component. Manipulation of this component can lead to cross site...