{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-04T18:04:08.613","vulnerabilities":[{"cve":{"id":"CVE-2025-41355","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-03-31T09:16:22.137","lastModified":"2026-06-17T09:22:45.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server \nv0.104. This vulnerability allows an attacker to execute JavaScript code\n in the victim's browser by sending him/her a malicious URL. This \nvulnerability can be exploited to steal sensitive user data, such as \nsession cookies, or to perform actions on behalf of the user. It affects \n'port' and 'proxyPort' parameters in '/anon.php' endpoint."},{"lang":"es","value":"Vulnerabilidad de cross-site scripting (XSS) reflejado en Anon Proxy Server v0.104. Esta vulnerabilidad permite a un atacante ejecutar código JavaScript en el navegador de la víctima enviándole una URL maliciosa. Esta vulnerabilidad puede ser explotada para robar datos sensibles del usuario, como cookies de sesión, o para realizar acciones en nombre del usuario. Afecta a los parámetros 'port' y 'proxyPort' en el endpoint '/anon.php'."}],"affected":[{"source":"cve-coordination@incibe.es","affectedData":[{"vendor":"Anon Proxy Server","product":"Anon Proxy Server","defaultStatus":"unaffected","versions":[{"version":"0.104","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-31T15:02:46.248555Z","id":"CVE-2025-41355","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anonproxyserver:anon_proxy_server:0.104:*:*:*:*:*:*:*","matchCriteriaId":"58ED9571-EA95-4002-A5A2-10EBC703F39D"}]}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-anon-proxy-server","source":"cve-coordination@incibe.es","tags":["Third Party Advisory"]}]}}]}