CVE-2025-41026

Description

Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'app_login.php'.

References

• https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gdtaller