Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-27504 is a reflected cross-site scripting (XSS) vulnerability in SVXportal version 2.5 and earlier, specifically in the radiomobile_front.php script via the "stationid" query parameter.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the application embeds the unsanitized "stationid" parameter value directly into a hidden input field without proper neutralization.'}, {'type': 'paragraph', 'content': 'When an authenticated administrator visits a specially crafted URL containing malicious script code in the "stationid" parameter, the injected script executes in the administrator\'s browser context.'}, {'type': 'paragraph', 'content': "This allows an attacker to perform script injection and execution, potentially compromising administrator sessions or enabling unauthorized actions using the administrator's privileges."}] [2]

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can impact you by allowing attackers to execute malicious scripts in the browser of an authenticated administrator.'}, {'type': 'paragraph', 'content': "Such script execution can lead to compromise of administrator sessions, meaning attackers could hijack the admin's session."}, {'type': 'paragraph', 'content': "Attackers may also perform unauthorized actions within the application using the administrator's authenticated context, potentially leading to unauthorized changes or access."}] [2]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by identifying if the SVXportal version 2.5 or earlier is in use and if the radiomobile_front.php script is accessible.'}, {'type': 'paragraph', 'content': 'Detection involves checking for the presence of the vulnerable parameter "stationid" in URLs and testing if it is reflected unsanitized in the response.'}, {'type': 'paragraph', 'content': "A simple way to test is to craft a URL with a harmless script payload in the stationid parameter and observe if it is executed or reflected in the administrator's browser."}, {'type': 'list_item', 'content': 'Use curl or wget to fetch the page with a test payload, for example: curl -i "http://target/svxportal/radiomobile_front.php?stationid=<script>alert(1)</script>"'}, {'type': 'list_item', 'content': 'Use a browser or automated scanner to visit the crafted URL and check if the script executes or if the payload appears in the page source inside a hidden input field.'}] [2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the radiomobile_front.php page to trusted administrators only.

Avoid clicking on or visiting suspicious or untrusted URLs containing the stationid parameter.

If possible, update SVXportal to a version later than 2.5 where this vulnerability is fixed.

Implement web application firewall (WAF) rules to detect and block malicious payloads in the stationid parameter.

Educate administrators about the risk of reflected XSS and the importance of not following untrusted links while authenticated.

Useful 0 Not Useful 0