Multiple vulnerabilities in GDTaller

Description

A vulnerability marked as problematic has been reported in GDTaller. Affected by this vulnerability is an unknown functionality of the file app_recuperarclave.php of the component URL Handler. Performing a manipulation of the argument site results in cross site scripting. This vulnerability is known as CVE-2025-41027.

Affected Products

Vendor	Product	Versions
GDTaller	GDTaller	0, GHSA-g3hg-j4jv-cwfr, GHSA-wvvq-wgcr-9q48

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gdtaller(patch)

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2025-41027 | GDTaller URL app_recuperarclave.php site cross site scripting

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-79

Published3/26/2026

Last enriched4h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 4h ago

v2Tier C4h ago

Updated description with more technical detail, changed severity to HIGH, and marked the vulnerability as actively exploited.

descriptionseverityactivelyExploited

via VulDB

v14h ago

Initial creation