CVE-2025-41027
Reflected XSS in GDTaller app_recuperarclave.php Enables Code Execution
Publication date: 2026-03-26
Last updated on: 2026-03-27
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gdtaller | gdtaller | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-41027 is a medium-severity reflected Cross-Site Scripting (XSS) vulnerability in the workshop management software GDTaller. It exists in the 'site' parameter of the 'app_recuperarclave.php' script. An attacker can exploit this vulnerability by sending a malicious URL containing JavaScript code. When a victim clicks this URL, the malicious code executes in their browser.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the reflected Cross-Site Scripting (XSS) vulnerability in GDTaller impacts compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
This vulnerability allows an attacker to execute arbitrary JavaScript code in the victim's browser. This can lead to unauthorized actions such as stealing session cookies, redirecting users to malicious sites, or performing actions on behalf of the user without their consent. The impact depends on the victim interacting with the malicious URL.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'site' parameter in the 'app_recuperarclave.php' script for reflected Cross-Site Scripting (XSS). One common method is to craft a malicious URL containing JavaScript code in the 'site' parameter and observe if the code is executed in the browser.
For detection on your system or network, you can use web vulnerability scanners that support XSS detection or manually test by sending HTTP requests with payloads targeting the 'site' parameter.
- Use curl to send a test request with a script payload: curl -i "http://your-gdtaller-domain/app_recuperarclave.php?site=<script>alert('XSS')</script>"
- Use browser developer tools or intercepting proxies (e.g., Burp Suite) to modify the 'site' parameter and check if the script executes.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the GDTaller software to the latest version where this issue has been fixed by the development team.
Additionally, as a temporary measure, you can implement input validation and output encoding on the 'site' parameter to prevent execution of malicious scripts.
Educate users to avoid clicking on suspicious URLs that may exploit this vulnerability.