Medium severity6.1NVD Advisory· Published Mar 31, 2026· Updated Apr 7, 2026

CVE-2025-41356

Description

Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. It affects 'host' parameter in '/diagconnect.php'

endpoint.

Affected products

Anon Proxy Server/Anon Proxy Server
cpe:2.3:a:anonproxyserver:anon_proxy_server:0.104:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-anon-proxy-servernvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000