CVE-2026-27503
Received Received - Intake
Reflected XSS in SVXportal Admin Log Enables Session Theft

Publication date: 2026-02-20

Last updated on: 2026-02-23

Assigner: VulnCheck

Description
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing attacker-supplied JavaScript to execute in the administrator's browser. This can enable session theft, administrative action forgery, or other browser-based compromise in the context of an admin user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-23
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-14
NVD
CVE-2026-27503
EUVD
EUVD-2026-8324
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
radioinorr svxportal to 2.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-27503 is a reflected cross-site scripting (XSS) vulnerability found in SVXportal version 2.5 and earlier, specifically in the admin/log.php file via the search query parameter.'}, {'type': 'paragraph', 'content': "When an authenticated administrator visits a specially crafted URL, the application inserts the unsanitized search parameter value directly into an HTML input value attribute. This allows attacker-supplied JavaScript code to execute in the administrator's browser."}, {'type': 'paragraph', 'content': 'This occurs because the input is not properly neutralized, leading to the execution of malicious scripts in the context of the admin user.'}] [2]

Impact Analysis

[{'type': 'paragraph', 'content': "Exploitation of this vulnerability can lead to session theft, allowing attackers to hijack the administrator's session."}, {'type': 'paragraph', 'content': 'Attackers may also forge administrative actions, potentially causing unauthorized changes or damage within the application.'}, {'type': 'paragraph', 'content': 'Other browser-based compromises can occur in the context of the admin user, which could lead to further security breaches or loss of control over the application.'}] [2]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking for reflected cross-site scripting attempts in the admin/log.php endpoint, specifically via the search query parameter.'}, {'type': 'paragraph', 'content': 'One way to detect it is to monitor HTTP requests to the admin/log.php page that include suspicious or crafted search parameters containing JavaScript code.'}, {'type': 'paragraph', 'content': 'For example, you can use curl or similar tools to test if the search parameter is reflected unsanitized in the response.'}, {'type': 'list_item', 'content': "curl -i 'http://your-svxportal-domain/admin/log.php?search=<script>alert(1)</script>'"}, {'type': 'list_item', 'content': 'Observe if the response contains the injected script tag within the HTML input value attribute.'}, {'type': 'paragraph', 'content': 'Additionally, web application scanners or proxy tools like Burp Suite can be used to automate detection of reflected XSS by sending crafted payloads to the search parameter and analyzing the responses.'}] [2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the admin interface to trusted administrators only and avoiding clicking on suspicious or untrusted URLs containing crafted search parameters.

Administrators should be cautious when accessing URLs with search parameters in the admin/log.php page.

If possible, apply any available patches or updates that sanitize the search parameter input to prevent script injection.

As a temporary workaround, consider implementing web application firewall (WAF) rules to detect and block requests containing suspicious script tags or JavaScript payloads in the search parameter.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27503. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart