Description
A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. It affects an unknown function in the file lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in ExpressGateway express-gateway up to 1.16.10. It affects an unknown part of the code in the library lib/rest/routes/apps.js of the component REST Endpoint. Manipulation with unknown data can be used to exploit a cross-site scripting vulnerability. The attack can be carried out over the network. The exploit is publicly available.
Problem types
Product status
1.16.1
1.16.2
1.16.3
1.16.4
1.16.5
1.16.6
1.16.7
1.16.8
1.16.9
1.16.10
Timeline
2025-08-17: Advisory disclosed
2025-08-17: VulDB entry created
2025-08-17: VulDB entry last update
Credits
Haoatao (VulDB User)
References
vuldb.com/?id.320418 (VDB-320418 | ExpressGateway express-gateway REST Endpoint apps.js cross site scripting)
vuldb.com/?ctiid.320418 (VDB-320418 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.627833 (Submit #627833 | GitHub Web Application Express Gateway 1.16.10 and possibly earlier Cross Site Scripting)
github.com/freshfish-hust/my-cves/issues/6