CVE-2025-41355
published 2026-03-31CVE-2025-41355: Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the…
PriorityP426medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.19%
9.3th percentile
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server
v0.104. This vulnerability allows an attacker to execute JavaScript code
in the victim's browser by sending him/her a malicious URL. This
vulnerability can be exploited to steal sensitive user data, such as
session cookies, or to perform actions on behalf of the user. It affects
'port' and 'proxyPort' parameters in '/anon.php' endpoint.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anon_proxy_server | anon_proxy_server | — | — |
| anonproxyserver | anon_proxy_server | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv4.05.1MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-03-31
Published