CNNVD-202508-1989 Information

CNNVD ID

CNNVD-202508-1989

Related CVE

CVE-2025-9096

• CNNVD Published: 2025-08-18

Description (Chinese)

ExpressGateway express-gateway是ExpressGateway开源的一个接口服务。 ExpressGateway express-gateway 1.16.10及之前版本存在代码注入漏洞，该漏洞源于组件REST Endpoint存在跨站脚本缺陷，攻击者可远程发起利用。

Description (English)

ExpressGateway interface-gateway is an interface service for ExpressGateway open source. There is a code-infusion loophole in the ExpressGateway express-gateway 1.16.10 and earlier versions, which stems from the cross-site script defects of the component REST Endpoint, which can be used remotely by the attackers.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

ExpressGateway

Published

2025-08-18

Last Modified

2026-02-24

References

https://github.com/freshfish-hust/my-cves/issues/6#issue-3287078206 https://vuldb.com/?submit.627833 https://vuldb.com/?id.320418 https://vuldb.com/?ctiid.320418 https://access.redhat.com/security/cve/cve-2025-9096 https://nvd.nist.gov/vuln/detail/CVE-2025-9096