CVE-2025-9095 | ExpressGateway express-gateway up to 1.16.10 REST Endpoint lib/rest/routes/users.js cross site scripting

A vulnerability described as problematic has been identified in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting.

The identification of this vulnerability is CVE-2025-9095. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More