Vendor
Anon Proxy Server
Products
1
CVEs
6
Across products
6
Status
Private
Products
1- 6 CVEs
Recent CVEs
6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-41357 | Med | 0.40 | 6.1 | 0.00 | Mar 31, 2026 | Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. It affects 'host' parameter in '/diagdns.php' endpoint. | |
| CVE-2025-41356 | Med | 0.40 | 6.1 | 0.00 | Mar 31, 2026 | Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. It affects 'host' parameter in '/diagconnect.php' endpoint. | |
| CVE-2025-41355 | Med | 0.40 | 6.1 | 0.00 | Mar 31, 2026 | Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. It affects 'port' and 'proxyPort' parameters in '/anon.php' endpoint. | |
| CVE-2008-0633 | 0.04 | — | 0.08 | Feb 6, 2008 | Buffer overflow in Anon Proxy Server 0.102 and earlier, when user authentication is enabled, allows remote attackers to cause a denial of service (exception) via a user name with a large number of quotes, which triggers the overflow during escaping. | ||
| CVE-2007-6459 | 0.03 | — | 0.05 | Dec 20, 2007 | Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460. | ||
| CVE-2007-6460 | 0.00 | — | 0.00 | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459. |