CVE-2025-41357

Name of the Vulnerable Software and Affected Versions Anon Proxy Server version 0.104

Description A Reflected Cross-Site Scripting (XSS) vulnerability exists that allows an attacker to execute JavaScript code in a victim's browser by sending a malicious URL. This can be used to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. The vulnerability affects the host parameter in the '/diagdns.php' API endpoint.

Recommendations Update to a newer version that contains a fix for this vulnerability.