CVE-2025-41027

Name of the Vulnerable Software and Affected Versions GDTaller (affected versions not specified)

Description Reflected Cross Site Scripting (XSS) issues exist in GDTaller. These issues allow an attacker to execute JavaScript code in a victim's browser by sending a malicious URL containing crafted JavaScript within the site parameter of the 'app recuperarclave.php' file. The API endpoint ''app recuperarclave.php'' is vulnerable, specifically through the site parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.