CVE-2026-27503
Reflected XSS in SVXportal Admin Log Enables Session Theft
Publication date: 2026-02-20
Last updated on: 2026-02-23
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radioinorr | svxportal | up to and including 2.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27503 is a reflected cross-site scripting (XSS) vulnerability found in SVXportal version 2.5 and earlier, specifically in the admin/log.php file via the search query parameter.

When an authenticated administrator visits a specially crafted URL, the application inserts the unsanitized search parameter value directly into an HTML input value attribute. This allows attacker-supplied JavaScript code to execute in the administrator's browser.

This occurs because the input is not properly neutralized, leading to the execution of malicious scripts in the context of the admin user. [2]
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to session theft, allowing attackers to hijack the administrator's session.

Attackers may also forge administrative actions, potentially causing unauthorized changes or damage within the application.

Other browser-based compromises can occur in the context of the admin user, which could lead to further security breaches or loss of control over the application. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for reflected cross-site scripting attempts in the admin/log.php endpoint, specifically via the search query parameter.

One way to detect it is to monitor HTTP requests to the admin/log.php page that include suspicious or crafted search parameters containing JavaScript code.

For example, you can use curl or similar tools to test if the search parameter is reflected unsanitized in the response.

- `curl -i -b "$ADMIN_COOKIE" 'http://your-svxportal-domain/admin/log.php?search=%3Cscript%3Ealert(1)%3C%2Fscript%3E'` (the payload is percent-encoded so curl sends a valid URL; `$ADMIN_COOKIE` is a placeholder for a valid administrator session cookie, since the endpoint is reachable only by an authenticated administrator)
- Observe if the response contains the injected script tag within the HTML input value attribute.

Additionally, web application scanners or proxy tools like Burp Suite can be used to automate detection of reflected XSS by sending crafted payloads to the search parameter and analyzing the responses. [2]
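The script below is an added example and is not code from the VulnCheck page or from SVXportal. It builds the percent-encoded probe URL for the `admin/log.php?search=` endpoint that the detection answer above describes and, given a response body, decides whether the `search` value came back raw inside the `<input ... value="...">` attribute that the explanation above names as the sink, or came back entity-encoded. The two sample response bodies are constructed here, not captured from the product: the first interpolates the parameter unescaped, the second shows what the same page looks like after the value passes through an HTML entity encoder (PHP's `htmlspecialchars()` with `ENT_QUOTES` yields this form; the page itself does not name the fix). The marker string in the probe, the way `probe_target()` joins the base URL, and the use of a `Cookie` header to carry the admin session are assumptions about a deployment, not facts from the advisory.

```python
"""Offline classifier for the reflected-XSS sink described for CVE-2026-27503.

Added example, not SVXportal code. The marker text, sample HTML and the
Cookie header are constructed assumptions, not taken from the product.
"""
import html
import re
from urllib.parse import urlencode, urljoin
from urllib.request import Request, urlopen

# Attribute break-out probe: the leading '"' closes value="...", the '>' closes
# the <input> tag, and the rest is the injected element. Marker text is made up.
PROBE = 'cve27503"><svg/onload=alert(1)>'


def build_probe_url(base_url: str, probe: str = PROBE) -> str:
    """Return <base>/admin/log.php?search=<probe>, percent-encoded.
    The endpoint and parameter are the ones named in the advisory."""
    endpoint = urljoin(base_url.rstrip("/") + "/", "admin/log.php")
    return endpoint + "?" + urlencode({"search": probe})


def classify_reflection(body: str, probe: str = PROBE) -> str:
    """'vulnerable' if the probe is echoed byte-for-byte (quote and angle
    brackets intact); 'encoded' if it came back entity-escaped the way
    htmlspecialchars(..., ENT_QUOTES) or html.escape() render it;
    otherwise 'not_reflected'."""
    if probe in body:
        return "vulnerable"
    escaped = html.escape(probe, quote=True)  # " -> &quot;  < -> &lt;  > -> &gt;
    variants = {escaped, escaped.replace("&quot;", "&#34;")}  # numeric form some encoders use
    if any(v in body for v in variants):
        return "encoded"
    return "not_reflected"


def in_value_attribute(body: str, probe: str = PROBE) -> bool:
    """True when the raw probe sits directly after value=" inside an <input>
    tag, i.e. the reflection lands in the exact sink the advisory describes."""
    pattern = r'<input\b[^>]*\bvalue="' + re.escape(probe)
    return re.search(pattern, body, re.IGNORECASE) is not None


def probe_target(base_url: str, session_cookie: str, timeout: float = 10.0) -> str:
    """Fetch the probe URL from a live instance and classify the response.
    The page is admin-only, so a valid admin session is required; sending it
    as a Cookie header is an assumption about how the deployment tracks sessions."""
    req = Request(
        build_probe_url(base_url),
        headers={"Cookie": session_cookie, "User-Agent": "xss-reflection-check/1.0"},
    )
    with urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, errors="replace")
    return classify_reflection(body)


# Constructed sample responses (not captured from SVXportal): the first
# interpolates the parameter unescaped, the second as an entity encoder
# such as htmlspecialchars($search, ENT_QUOTES) would emit it.
VULNERABLE_BODY = (
    '<form method="get" action="log.php">'
    f'<input type="text" name="search" value="{PROBE}">'
    '<input type="submit" value="Filter"></form>'
)
SAFE_BODY = (
    '<form method="get" action="log.php">'
    f'<input type="text" name="search" value="{html.escape(PROBE, quote=True)}">'
    '<input type="submit" value="Filter"></form>'
)

if __name__ == "__main__":
    print(build_probe_url("http://svxportal.example"))
    for label, body in (("unescaped", VULNERABLE_BODY), ("escaped", SAFE_BODY)):
        print(label, classify_reflection(body), in_value_attribute(body))
```

The probe deliberately opens with `">` rather than a bare `<script>` tag: a script tag that stays inside the `value` attribute never executes, so it proves nothing about exploitability, whereas a double quote that survives unencoded in that attribute is exactly the defect. Run `probe_target()` only against instances you are authorized to test, with an administrator session you already hold.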
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the admin interface to trusted administrators only and avoiding clicking on suspicious or untrusted URLs containing crafted search parameters.
Administrators should be cautious when accessing URLs with search parameters in the admin/log.php page.
If possible, apply any available patches or updates that sanitize the search parameter input to prevent script injection.
As a temporary workaround, consider implementing web application firewall (WAF) rules to detect and block requests containing suspicious script tags or JavaScript payloads in the search parameter.