XSS in Gdtaller

CVE-2025-41026

Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'app_login.php'.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (2.1th percentile) — read the EPSS interpretation.

Affected products

Gdtaller — versions 0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gdtaller (patch)