GHSA-Q4RG-7CJJ-5R86 ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js

A cross-site scripting XSS issue exists in ExpressGateway up to 1.16.10 in the REST endpoint implemented in lib/rest/routes/users.js. User-controlled input is reflected into the HTTP response without proper sanitization, allowing arbitrary JavaScript execution in the browser of a logged-in user w...

ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js

A cross-site scripting XSS issue exists in ExpressGateway up to 1.16.10 in the REST endpoint implemented in lib/rest/routes/users.js. User-controlled input is reflected into the HTTP response without proper sanitization, allowing arbitrary JavaScript execution in the browser of a logged-in user w...

CVE-2025-9095

A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVE-2024-7456

A SQL injection vulnerability exists in the /api/v1/external-users route of lunary-ai/lunary version v1.4.2. The order by clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The orderByClause variable is constructed without server-side validation or...

PT-2023-29501 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the email parameter of the "routers/add-users.php" resource does not validate the characters receive...

PT-2023-29504 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the role parameter of the "routers/add-users.php" resource does not validate the characters received...

PT-2023-29508 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the verified parameter of the "routers/add-users.php" resource does not validate the characters...