Multiple vulnerabilities in GDTaller
Posted date 26/03/2026
Identifier
INCIBE-2026-231
Importance
3 - Medium
Affected Resources
GDTaller.
Description
INCIBE has coordinated the publication of 2 medium-severity vulnerabilities affecting GDTaller, workshop management software. The vulnerabilities were discovered by Gonzalo Aguilar García (6h4ack).
These vulnerabilities have been assigned the following codes, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type:
- CVE-2025-41026 and CVE-2025-41027: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79.
Solution
The vulnerabilities have been fixed by the GDTaller team in the current version.
Detail
Reflected Cross-Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL. The affected parameters and their assigned identifiers are as follows:
- CVE-2025-41026: 'site' parameter in 'app_login.php';
- CVE-2025-41027: 'site' parameter in 'app_recuperarclave.php'.
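For triage on installations that have not yet been updated, the following added example (not part of the advisory and not GDTaller code) scans web server access logs for requests to the two affected pages whose `site` parameter carries anything other than a plain identifier. The combined log format, the allow-list pattern for legitimate `site` values, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Pages and parameter named in the advisory.
ENDPOINTS = {"app_login.php", "app_recuperarclave.php"}
PARAM = "site"
# Assumption: legitimate 'site' values are short identifiers; adjust to your deployment.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]{1,64}")
# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_site_values(line):
    """Return decoded 'site' values in this log line that fail the allow-list."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path.rsplit("/", 1)[-1].lower() not in ENDPOINTS:
        return []
    hits = []
    for value in parse_qs(url.query).get(PARAM, []):
        # parse_qs decodes once; decode again so double-encoded markup is readable.
        decoded = unquote(value)
        if not SAFE_VALUE.fullmatch(decoded):
            hits.append(decoded)
    return hits

def scan(lines):
    """Return (line_number, value) for every flagged request."""
    return [(n, v) for n, line in enumerate(lines, 1)
            for v in suspicious_site_values(line)]

# Constructed sample log lines (documentation IP range, inert placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Mar/2026:10:00:01 +0000] "GET /app_login.php?site=taller01 HTTP/1.1" 200 512',
    '192.0.2.44 - - [26/Mar/2026:10:00:07 +0000] "GET /app_login.php?site=%22%3E%3Cscript%3EPLACEHOLDER%3C%2Fscript%3E HTTP/1.1" 200 530',
    '192.0.2.44 - - [26/Mar/2026:10:00:09 +0000] "GET /app_recuperarclave.php?site=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 498',
    '192.0.2.10 - - [26/Mar/2026:10:00:12 +0000] "GET /index.php?site=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for n, v in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious site value {v!r}")
```

Only query-string values appear in access logs, so a `site` value sent in a POST body is not visible to this check.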
CVE
| CVE Identifier | Severity | Exploitation | Vendor |
|---|---|---|---|
| CVE-2025-41026 | Medium | No | GDTaller |
| CVE-2025-41027 | Medium | No | GDTaller |