Multiple vulnerabilities in GDTaller

Description

A vulnerability marked as problematic has been reported in GDTaller. Affected by this vulnerability is an unknown functionality of the file app_recuperarclave.php of the component URL Handler. Performing a manipulation of the argument site results in cross site scripting. This vulnerability is known as CVE-2025-41027.

Affected Products

Vendor	Product	Versions
GDTaller	GDTaller	0, GHSA-g3hg-j4jv-cwfr, GHSA-wvvq-wgcr-9q48

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gdtaller(patch)

Related News (1 articles)

Tier C

VulDB7h ago

CVE-2025-41027 | GDTaller URL app_recuperarclave.php site cross site scripting

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-79

Published3/26/2026

Last enriched6h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 6h ago

v2Tier C6h ago

Updated description with more technical detail, changed severity to HIGH, and marked the vulnerability as actively exploited.

descriptionseverityactivelyExploited

via VulDB

v16h ago

Initial creation