ExpressGateway Cross-Site Scripting Vulnerability in REST API Endpoint

A reflected cross-site scripting vulnerability has been identified in ExpressGateway's express-gateway version 1.16.10 and possibly earlier. The issue resides in the REST API endpoints '/users/:id' and '/apps/:id', where user-supplied input is not properly sanitized before being reflected in the response. This allows attackers to inject malicious JavaScript that is executed in the context of the victim's browser, potentially leading to session hijacking, unauthorized actions, or data exfiltration, especially if the target is an administrator.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to the '/apps/:id' or '/users/:id' endpoint with an unsanitized payload in the ':id' parameter. The injected script will be reflected in the response and executed in the browser.

Remediation

It is recommended to implement proper output encoding for user-supplied data before including it in responses. Additionally, set a safe content-type for error responses that contain user-controlled data.