CVE-2025-9096 – ExpressGateway Cross-Site Scripting Vulnerability

August 17, 2025

CVE ID : CVE-2025-9096

Published : Aug. 18, 2025, 12:15 a.m. | 1 hour, 56 minutes ago

Description : A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-9097 – Euro Information CIC Banque et Compte en Ligne Android Improper Export of Application Components Vulnerability

Next Article CVE-2025-9095 – ExpressGateway Cross-Site Scripting Vulnerability

Highlights

CVE-2025-5405 – Chaitak-Gorai Blogbook Cross Site Scripting Vulnerability

June 1, 2025

CVE ID : CVE-2025-5405

Published : June 1, 2025, 6:15 p.m. | 9 hours, 5 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This issue affects some unknown processing of the file /post.php. The manipulation of the argument comment_author/comment_email/comment_content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

I found the ultimate MacBook Air alternative for Windows users – and it’s priced well

Outdated IT help desks are holding businesses back – but there is a solution

Android’s latest update can force apps into dark mode – how to see it now

I tried the Google Pixel Watch 4 – and these key features made it feel indispensable

Building Cross-Platform Alerts with Laravel’s Notification Framework

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

How to install OpenPlatform — IoT platform

Basics of Digital Forensics

Basics of Digital Forensics

Top Linux Server Automation Tools: Simplifying System Administration

Rising from the Ashes: How AlmaLinux and Rocky Linux Redefined the Post-CentOS Landscape

CVE-2025-9096 – ExpressGateway Cross-Site Scripting Vulnerability

“What happens online stays online” and other cyberbullying myths, debunked

The need for speed: Why organizations are turning to rapid, trustworthy MDR

CVE-2025-36521 – MicroDicom DICOM Viewer Out-of-Bounds Read Vulnerability

Understanding and Implementing OAuth2 and OpenID Connect in .NET

CVE-2025-4039 – PHPGurukul Rail Pass Management System SQL Injection

AutoRecon — Best Tool for Bug Bounty & CTF

CVE-2025-5405 – Chaitak-Gorai Blogbook Cross Site Scripting Vulnerability

Optimizing Assembly Code with LLMs: Reinforcement Learning Outperforms Traditional Compilers

Alternatives to popular CLI tools: ps

CVE-2025-5886 – Emlog Cross-Site Scripting Vulnerability

CVE-2025-9096 – ExpressGateway Cross-Site Scripting Vulnerability

Related Posts