CVE-2025-9095

Name of the Vulnerable Software and Affected Versions: ExpressGateway versions up to 1.16.10

Description: A flaw has been found in ExpressGateway affecting processing within the lib/rest/routes/users.js library of the REST Endpoint component. Manipulation of this component can lead to cross site scripting (XSS). The attack can be initiated remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted regarding this issue but did not respond.

Recommendations: Versions prior to 1.16.10 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.