Reflected Cross-Site Scripting on Anon Proxy Server_CVE-2025-41355

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Description

Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server
v0.104. This vulnerability allows an attacker to execute JavaScript code
in the victim's browser by sending him/her a malicious URL. This
vulnerability can be exploited to steal sensitive user data, such as
session cookies, or to perform actions on behalf of the user. It affects
'port' and 'proxyPort' parameters in '/anon.php' endpoint.

Basic Information

ID CVE-2025-41355

Source INCIBE

Published Mar 31, 2026 at 08:48

Modified Mar 31, 2026 at 18:04

Affected Product

Vendor Anon Proxy Server

Product Anon Proxy Server

Version 0.104

Affected Versions Anon Proxy Server Anon Proxy Server 0.104

CWE Classification

CWE-79

References

www.incibe.es /en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-anon-proxy-server

{
    "lastseen": "",
    "description": "Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server \nv0.104. This vulnerability allows an attacker to execute JavaScript code\n in the victim's browser by sending him/her a malicious URL. This \nvulnerability can be exploited to steal sensitive user data, such as \nsession cookies, or to perform actions on behalf of the user. It affects \n'port' and 'proxyPort' parameters in '/anon.php' endpoint.",
    "published": "2026-03-31T08:48:28.950Z",
    "modified": "2026-03-31T18:04:32.025Z",
    "type": "cve",
    "title": "Reflected Cross-Site Scripting on Anon Proxy Server",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-anon-proxy-server",
    "id": "CVE-2025-41355",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Anon Proxy Server Anon Proxy Server 0.104",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Anon Proxy Server",
    "version": "0.104",
    "vendor": "Anon Proxy Server",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}