cvedb.io
CVE-2026-27502
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2026-02-20T17:25:56.750 · Last modified 2026-06-17T10:27:15.740

Summary

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute arbitrary JavaScript in a victim's browser if the victim visits a crafted URL. This can be used to steal session data, perform actions as the victim, or modify displayed content.

Affected products

radioinorr — svxportal

Does this affect you?

Add your gear to cvedb and we'll alert you only when radioinorr ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.