CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-27503

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing attacker-supplied JavaScript to execute in the administrator's browser. This can enable session theft, administrative action forgery, or other browser-based compromise in the context of an admin user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.2%

CVSS Severity

CVSS v3 Score 6.1

References

https://github.com/sa2blv/SVXportal/blob/master/admin/log.php
https://www.vulncheck.com/advisories/svxportal-admin-log-php-search-reflected-xss

Products affected by CVE-2026-27503

Radioinorr » Svxportal » Version: Any

cpe:2.3:a:radioinorr:svxportal:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-27503

Products

Pricing

Contact Us