CVE-2025-41081

Summary

Reflected Cross-Site Scripting (XSS) vulnerability in IsMyGym by Zuinq Studio. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL with '/<PATH>.php/<XSS>'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Affected Software

VendorProductVersion RangeStatus
Zuinq StudioIsMyGymall versionsaffected

Weaknesses

  • 79

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References