CVE-2025-41026 - Vulnerability Details

Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'app_login.php'.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Gdtaller	Gdtaller

No data.

References

Link	Providers
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gdtaller

History

Thu, 26 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 26 Mar 2026 13:15:00 +0000

Type	Values Removed	Values Added
Description	Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL en 'site' parameter in 'app_login.php'.	Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'app_login.php'.

Thu, 26 Mar 2026 12:45:00 +0000

Type	Values Removed	Values Added
Description		Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL en 'site' parameter in 'app_login.php'.
Title		Multiple vulnerabilities in GDTaller
First Time appeared		Gdtaller Gdtaller gdtaller
Weaknesses		CWE-79
CPEs		cpe:2.3:a:gdtaller:gdtaller::::::::
Vendors & Products		Gdtaller Gdtaller gdtaller
References		https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gdtaller
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2026-03-26T12:31:53.316Z

Updated: 2026-03-26T13:23:17.835Z

Reserved: 2025-04-16T09:09:26.929Z

Link: CVE-2025-41026

Vulnrichment

Updated: 2026-03-26T13:23:14.303Z

NVD

Status : Awaiting Analysis

Published: 2026-03-26T13:16:24.903

Modified: 2026-03-26T15:13:15.790

Link: CVE-2025-41026

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object