CVE-2025-41355

EUVD-2025-209137
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server 
v0.104. This vulnerability allows an attacker to execute JavaScript code
 in the victim's browser by sending him/her a malicious URL. This 
vulnerability can be exploited to steal sensitive user data, such as 
session cookies, or to perform actions on behalf of the user. It affects 
'port' and 'proxyPort' parameters in '/anon.php' endpoint.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-anon-proxy-server