CVE-2026-57399 in Proxy & VPN Blockerinfo

Summary

by MITRE • 07/13/2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proxy &amp; VPN Blocker Proxy &amp; VPN Blocker proxy-vpn-blocker allows Stored XSS.This issue affects Proxy &amp; VPN Blocker: from n/a through <= 3.5.8.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/13/2026

This cross-site scripting vulnerability represents a critical web application security flaw that enables attackers to inject malicious scripts into web pages viewed by other users. The vulnerability exists within the Proxy & VPN Blocker proxy-vpn-blocker software where user input is not properly sanitized during web page generation processes, creating an environment where persistent malicious code can be stored and executed. This specific weakness falls under the Common Weakness Enumeration category CWE-79 which defines improper neutralization of input during web page generation as a primary pathway for cross-site scripting attacks. The vulnerability affects versions from n/a through 3.5.8, indicating that all installations within this range are susceptible to exploitation.

The technical implementation of this flaw occurs when the application accepts user-supplied data through various input vectors such as form fields, URL parameters, or API endpoints without adequate validation and sanitization before rendering the content in web pages. When legitimate users view pages containing stored malicious scripts, these scripts execute within their browser context, potentially compromising user sessions, stealing credentials, or redirecting users to malicious sites. The stored nature of this XSS vulnerability means that once an attacker successfully injects malicious code, it persists in the application's database and automatically executes whenever affected pages are loaded by other users.

The operational impact of this vulnerability extends beyond simple data theft, as it provides attackers with persistent access to user sessions and potentially allows for privilege escalation within the application environment. Attackers can leverage this weakness to establish backdoors, manipulate application functionality, or create a foothold for further attacks within the network infrastructure protected by the proxy and vpn blocker. This vulnerability directly aligns with ATT&CK technique T1566.001 which describes the use of malicious web content to gain initial access through phishing campaigns, making it particularly dangerous in environments where users might interact with compromised web interfaces or administrative panels.

Organizations using affected versions of this software should immediately implement comprehensive mitigations including input validation and output encoding for all user-supplied data, deployment of web application firewalls to detect and block malicious payloads, and regular security updates to patch vulnerable components. The recommended approach involves implementing strict content security policies, employing proper HTML entity encoding for dynamic content, and ensuring that all user inputs undergo rigorous sanitization before being processed or stored within the system. Additionally, regular security testing including automated vulnerability scans and manual penetration testing should be conducted to identify similar weaknesses in related applications and prevent exploitation of similar vulnerabilities across the broader attack surface.

Responsible

Patchstack

Reservation

06/24/2026

Disclosure

07/13/2026

Moderation

accepted

CPE

ready

EPSS

0.00180

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!