GHSA-q4rg-7cjj-5r86

Published: 18 Aug 2025
Source: github
GitHub: reviewed
CVSS4: 5.1
CVSS3: 3.5

Description

ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js

A cross-site scripting (XSS) issue exists in ExpressGateway up to 1.16.10 in the REST endpoint implemented in lib/rest/routes/users.js. User-controlled input is reflected into the HTTP response without proper sanitization, allowing arbitrary JavaScript execution in the browser of a logged-in user who views the affected page/route. The attack can be triggered over the network with low complexity and requires a low-privileged authenticated context and user interaction (viewing the page). Impact is limited to confidentiality and integrity of the session in the affected UI.
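The reflected-XSS pattern the advisory describes, as an added illustration (not express-gateway's code, which the advisory does not quote): a hypothetical user-lookup handler interpolates a request-controlled username into an HTML body, shown beside a version that encodes the value and a version that answers as JSON with an explicit content type, which is what a REST route should return.

```javascript
// Added example, not express-gateway code. Hypothetical handlers that mirror
// the CWE-79 pattern: a request value reflected into the HTTP response.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// Vulnerable: the user-controlled name lands in the HTML body unchanged.
function vulnerableUserPage(username) {
  return {
    headers: { 'Content-Type': 'text/html; charset=utf-8' },
    body: `<h1>User ${username}</h1>`,
  };
}

// Hardened (HTML): encode before interpolating into markup.
function hardenedUserPage(username) {
  return {
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: `<h1>User ${escapeHtml(username)}</h1>`,
  };
}

// Hardened (API): JSON with an explicit content type, so the browser never
// treats the response as a document it should render.
function hardenedUserJson(username) {
  return {
    headers: {
      'Content-Type': 'application/json; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: JSON.stringify({ username }),
  };
}

// Test-style check: is the input reflected verbatim into an HTML response?
function reflectsRawMarkup(response, input) {
  return response.headers['Content-Type'].startsWith('text/html')
    && response.body.includes(input);
}

// Constructed probe string (harmless markup), not a real payload.
const probe = '<b>probe</b>';
console.log(reflectsRawMarkup(vulnerableUserPage(probe), probe)); // true
console.log(reflectsRawMarkup(hardenedUserPage(probe), probe));   // false
console.log(reflectsRawMarkup(hardenedUserJson(probe), probe));   // false
```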

Packages

Name: express-gateway (npm)
Affected versions: <= 1.16.10
Fixed version: none

EPSS: 0.00029 (percentile 8%, Low)
CVSS4: 5.1 Medium
CVSS3: 3.5 Low
Weaknesses: CWE-79

Related vulnerabilities

Source: nvd, 6 months ago, CVSS3: 3.5

A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

EPSS: 0.00029 (percentile 8%, Low)
CVSS4: 5.1 Medium
CVSS3: 3.5 Low
Weaknesses: CWE-79