CVE-2026-27504
Status: Received - Intake
Reflected XSS in SVXportal radiomobile_front.php Risks Admin Session Compromise

Publication date: 2026-02-20

Last updated on: 2026-02-23

Assigner: VulnCheck

Description
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile_front.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowing attacker-supplied script injection and execution in the administrator's browser. This can be used to compromise admin sessions or perform unauthorized actions via the administrator's authenticated context.
Meta Information
Generated: 2026-05-27
AI Q&A: 2026-02-20
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 1 associated CPE
Vendor: radioinorr | Product: svxportal | Version / Range: up to 2.5 (inclusive)
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-27504 is a reflected cross-site scripting (XSS) vulnerability in SVXportal version 2.5 and earlier, specifically in the radiomobile_front.php script via the "stationid" query parameter.

The vulnerability occurs because the application embeds the unsanitized "stationid" parameter value directly into a hidden input field without proper neutralization.

When an authenticated administrator visits a specially crafted URL containing malicious script code in the "stationid" parameter, the injected script executes in the administrator's browser context.

This allows an attacker to perform script injection and execution, potentially compromising administrator sessions or enabling unauthorized actions using the administrator's privileges. [2]


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers to execute malicious scripts in the browser of an authenticated administrator.

Such script execution can lead to compromise of administrator sessions, meaning attackers could hijack the admin's session.

Attackers may also perform unauthorized actions within the application using the administrator's authenticated context, potentially leading to unauthorized changes or access. [2]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by identifying if SVXportal version 2.5 or earlier is in use and if the radiomobile_front.php script is accessible.

Detection involves checking for the presence of the vulnerable parameter "stationid" in URLs and testing if it is reflected unsanitized in the response.

A simple way to test is to craft a URL with a harmless script payload in the stationid parameter and observe if it is executed or reflected in the administrator's browser.

- Use curl or wget to fetch the page with a test payload, for example: curl -i "http://target/svxportal/radiomobile_front.php?stationid=<script>alert(1)</script>"
- Use a browser or automated scanner to visit the crafted URL and check if the script executes or if the payload appears in the page source inside a hidden input field. [2]
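As an added example (not code from SVXportal, this page, or the real radiomobile_front.php), this shows the hidden-input rendering described above with and without attribute-context encoding, plus a check that classifies whether a harmless probe value comes back verbatim or entity-encoded in a response; the vulnerable variant, the `PROBE` canary and the page wrapper are constructed illustrations.

```python
"""Added example, not SVXportal code: attribute-context escaping for a
stationid value plus a check that classifies how a response reflects a probe."""
import html

# Harmless marker carrying the characters that matter in a double-quoted
# attribute: '"' closes value="...", and '<' opens a tag once outside it.
PROBE = 'canary"x<y>'


def render_hidden_input(stationid: str) -> str:
    """Hardened rendering: encode &, <, >, " and ' before placing the value in
    a double-quoted attribute (PHP equivalent: htmlspecialchars with ENT_QUOTES)."""
    return f'<input type="hidden" name="stationid" value="{html.escape(stationid, quote=True)}">'


def render_hidden_input_unsafe(stationid: str) -> str:
    """Hypothetical vulnerable rendering (illustration only): value copied verbatim."""
    return f'<input type="hidden" name="stationid" value="{stationid}">'


def reflection_status(body: str, probe: str = PROBE) -> str:
    """Classify how a response body reflects the probe:
    'unescaped' - the probe, or at least its quote-bearing prefix, survives
                  verbatim, so the value can break out of the attribute
                  (covers filters that strip <> but leave " untouched)
    'escaped'   - only the entity-encoded form is present
    'absent'    - the value is not reflected at all."""
    quote_prefix = probe.split("<")[0]  # 'canary"x' for the default probe
    if probe in body or quote_prefix in body:
        return "unescaped"
    if html.escape(probe, quote=True) in body:
        return "escaped"
    return "absent"


def page(fragment: str) -> str:
    """Constructed minimal response body wrapping the hidden input."""
    return f"<html><body><form>{fragment}</form></body></html>"


if __name__ == "__main__":
    print(reflection_status(page(render_hidden_input_unsafe(PROBE))))  # unescaped
    print(reflection_status(page(render_hidden_input(PROBE))))         # escaped
```

The same classifier can be run over a saved response body captured with the curl command above instead of the constructed page.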


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the radiomobile_front.php page to trusted administrators only.

Avoid clicking on or visiting suspicious or untrusted URLs containing the stationid parameter.

If possible, update SVXportal to a version later than 2.5 where this vulnerability is fixed.

Implement web application firewall (WAF) rules to detect and block malicious payloads in the stationid parameter.

Educate administrators about the risk of reflected XSS and the importance of not following untrusted links while authenticated.

