Reflected Cross Site Scripting (XSS) vulnerabilities in... · CVE-2025-41026 · GitHub Advisory Database · GitHub

Reflected Cross Site Scripting (XSS) vulnerabilities in...

Moderate severity Unreviewed Published Mar 26, 2026 to the GitHub Advisory Database • Updated Mar 27, 2026

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'app_login.php'.

References

Published by the National Vulnerability Database

Mar 26, 2026

Published to the GitHub Advisory Database Mar 26, 2026

Last updated Mar 27, 2026

Severity

Moderate

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction Active

Vulnerable System Impact Metrics

Confidentiality None

Integrity None

Availability None

Subsequent System Impact Metrics

Confidentiality Low

Integrity Low

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X