CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-27504

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile_front.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowing attacker-supplied script injection and execution in the administrator's browser. This can be used to compromise admin sessions or perform unauthorized actions via the administrator's authenticated context.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.6%

CVSS Severity

CVSS v3 Score 6.1

References

https://github.com/sa2blv/SVXportal/blob/master/radiomobile_front.php
https://www.vulncheck.com/advisories/svxportal-radiomobile-front-php-stationid-reflected-xss

Products affected by CVE-2026-27504

Radioinorr » Svxportal » Version: Any

cpe:2.3:a:radioinorr:svxportal:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-27504

Products

Pricing

Contact Us