CVE-2025-41356 in Anon Proxy Server
摘要 (英语)
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. It affects 'host' parameter in '/diagconnect.php' endpoint.
负责
INCIBE
预定
2025-04-16
披露
2026-03-31
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 354338 | Anon Proxy Server URL diagconnect.php 跨网站脚本 | 79 | 未定义 | 未定义 | CVE-2025-41356 |