CVE-2026-27502
Received Received - Intake
Reflected XSS in SVXportal log.php Enables Session Hijacking

Publication date: 2026-02-20

Last updated on: 2026-02-23

Assigner: VulnCheck

Description
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute arbitrary JavaScript in a victim's browser if the victim visits a crafted URL. This can be used to steal session data, perform actions as the victim, or modify displayed content.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-23
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27502
EUVD
EUVD-2026-8325
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
radioinorr svxportal to 2.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-27502 is a reflected cross-site scripting (XSS) vulnerability found in SVXportal version 2.5 and earlier, specifically in the log.php file via the search query parameter.'}, {'type': 'paragraph', 'content': "The vulnerability occurs because the application embeds the unsanitized search parameter value directly into an HTML input value attribute. This allows an unauthenticated remote attacker to inject and execute arbitrary JavaScript code in the victim's browser if the victim visits a specially crafted URL."}, {'type': 'paragraph', 'content': 'This flaw is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation).'}] [1]

Impact Analysis

Exploitation of this vulnerability can lead to theft of session data, allowing attackers to hijack user sessions.

Attackers can perform unauthorized actions on behalf of the victim.

The attacker can also modify the content displayed to the victim, potentially misleading or deceiving the user.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by testing the log.php endpoint of SVXportal version 2.5 or earlier for reflected cross-site scripting via the search query parameter.'}, {'type': 'paragraph', 'content': 'A common method is to send a crafted HTTP request with a script payload in the search parameter and observe if the payload is reflected unsanitized in the HTML response.'}, {'type': 'paragraph', 'content': 'Example command using curl to test for the vulnerability:'}, {'type': 'list_item', 'content': 'curl -i "http://[target]/log.php?search=<script>alert(\'XSS\')</script>"'}, {'type': 'paragraph', 'content': 'If the response contains the injected script tag without proper sanitization or encoding, the vulnerability is present.'}] [1]

Mitigation Strategies

Immediate mitigation steps include:

  • Avoid using or exposing the vulnerable log.php search parameter until a patch or fix is applied.
  • Implement input validation and output encoding on the search parameter to prevent injection of malicious scripts.
  • Restrict access to the affected application or monitor for suspicious activity involving crafted URLs targeting the search parameter.
  • Apply any available updates or patches from the SVXportal maintainers that address this vulnerability.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27502. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart