CVE-2026-27505
Stored XSS in SVXportal User Registration Allows Admin Hijack
Publication date: 2026-02-20
Last updated on: 2026-02-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radioinorr | svxportal | to 2.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include sanitizing and properly encoding user-supplied input fields such as Firstname, Lastname, and Email before storing or rendering them in the administrator interface.
Restrict access to the administrator interface (admin/users.php) to trusted users only and ensure that only authenticated administrators can view this page.
Apply input validation and output encoding in the user registration workflow (index.php and admin/user_action.php) to prevent injection of arbitrary JavaScript.
If possible, update SVXportal to a version that addresses this vulnerability or apply patches provided by the vendor or community.
As a temporary measure, monitor logs for suspicious activity and consider disabling the user registration feature if it is not essential.
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-27505 is a stored cross-site scripting (XSS) vulnerability in SVXportal version 2.5 and earlier. It occurs in the user registration workflow where user-supplied fields such as Firstname, Lastname, and Email are stored in the backend database without proper output encoding. These fields are later displayed in the administrator interface, allowing an unauthenticated remote attacker to inject arbitrary JavaScript code that executes in the administrator's browser when they view the affected page."}] [2]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': "This vulnerability allows an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser of an administrator who views the affected user management page. This can lead to unauthorized actions performed with the administrator's privileges, potential theft of sensitive information, session hijacking, or further compromise of the system."}] [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by examining the user registration workflow and the administrator interface for signs of stored cross-site scripting (XSS) payloads. Specifically, look for suspicious JavaScript code in the user-supplied fields such as Firstname, Lastname, and Email stored in the backend database and rendered in admin/users.php.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts or presence of malicious scripts, you can query the database for suspicious entries in these fields.'}, {'type': 'list_item', 'content': "Use SQL commands to search for common XSS payload patterns in the user table, for example: SELECT * FROM users WHERE firstname LIKE '%<script>%' OR lastname LIKE '%<script>%' OR email LIKE '%<script>%';"}, {'type': 'list_item', 'content': 'Monitor HTTP requests to index.php and admin/user_action.php for unusual input containing JavaScript code.'}, {'type': 'list_item', 'content': 'Use web application security scanners that detect stored XSS vulnerabilities by submitting payloads in the registration form and checking if they appear unencoded in the admin interface.'}] [2]