Key Information about the Vulnerability Affected Application IsMyGym Vulnerability Type Reflected Cross-Site Scripting (XSS) Identification INCIBE: INCIBE-2026-037 CVE: CVE-2025-41081 Severity Importance: 3 - Medium CVSS Scoring CVSS v4.0 Base Score: 5.1 Vector: CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVE Information CWE Type: CWE-79 Discovery and Resolution Discovered by: Gonzalo Aguilar Garcia (6h4ack) Fixed by: Zuinq Studio's team in the latest version Description This medium-severity vulnerability allows an attacker to execute JavaScript code in IsMyGym, a system for managing gyms. The vulnerability was discovered and documented with the specified CVSS and CWE codes.