PT-2026-29210 · Unknown · Anon Proxy Server

Rafael Pedrero · Published 2026-03-31 · Updated 2026-03-31 · CVE-2025-41356

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Anon Proxy Server version 0.104

Description

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Anon Proxy Server version 0.104. This allows an attacker to execute JavaScript code in a victim's browser by sending a malicious URL. This can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. The vulnerability affects the host parameter in the '/diagconnect.php' API endpoint.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the host parameter in the '/diagconnect.php' endpoint to prevent the injection of malicious JavaScript code.
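
One way to apply the temporary workaround, shown as an added example that is not the Anon Proxy Server source: the host parameter is checked against an IP/hostname allow-list and HTML-encoded before it reaches the response. The function names, the response markup and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration of the workaround; not the project's own code.
// validate_host(), html_escape() and render_diag() are hypothetical names.

// Accept only an IP literal or a syntactically valid hostname; null otherwise.
function validate_host($raw)
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > 253) {
        return null;
    }
    if (filter_var($raw, FILTER_VALIDATE_IP) !== false) {
        return $raw;
    }
    if (filter_var($raw, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false) {
        return $raw;
    }
    return null;
}

// Encode a value for an HTML text node or a quoted attribute.
function html_escape($value)
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build [status, body] for a request's host parameter.
function render_diag($raw)
{
    $host = validate_host($raw);
    if ($host === null) {
        // The rejected value is never reflected back into the page.
        return [400, '<p>Invalid host.</p>'];
    }
    // Encoding still applies after validation, as a second layer.
    return [200, '<p>Testing connection to ' . html_escape($host) . '</p>'];
}

if (PHP_SAPI !== 'cli') {
    [$status, $body] = render_diag($_GET['host'] ?? null);
    http_response_code($status);
    header('Content-Type: text/html; charset=utf-8');
    echo $body;
} else {
    // Constructed sample inputs for an offline run.
    foreach (['proxy.example.org', '192.0.2.10', '"><b>x</b>', ''] as $sample) {
        [$status, $body] = render_diag($sample);
        echo $status, ' ', $body, PHP_EOL;
    }
}
```

Validation alone narrows what the endpoint accepts; the output encoding is what keeps any value that does pass from being interpreted as markup.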

Related Identifiers: CVE-2025-41356

Affected Products: Anon Proxy Server