CNNVD-202508-1988 Information
CNNVD ID
CNNVD-202508-1988
Related CVE
- CNNVD Published: 2025-08-17
Description (Chinese)
ExpressGateway express-gateway是ExpressGateway开源的一个接口服务。 ExpressGateway express-gateway 1.16.10及之前版本存在代码注入漏洞,该漏洞源于lib/rest/routes/users.js文件存在跨站脚本。
Description (English)
ExpressGateway interface-gateway is an interface service for ExpressGateway open source. ExpressGatewayexpress-gateway 1.16.10 and previous versions have a code-injection loophole, which stems from the existence of cross-site scripts in lib/rest/routes/users.js files.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
ExpressGateway
Published
2025-08-17
Last Modified
2026-02-24
References
https://vuldb.com/?submit.627709 https://vuldb.com/?id.320417 https://vuldb.com/?ctiid.320417 https://github.com/freshfish-hust/my-cves/issues/5#issue-3286622393 https://access.redhat.com/security/cve/cve-2025-9095 https://nvd.nist.gov/vuln/detail/CVE-2025-9095
Patch
https://github.com/ExpressGateway/express-gateway/releases
Share on: