Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
SVXportal: Attacker can steal admin session or take control of admin account
CVE-2026-27503
Summary
A weakness in SVXportal allows an attacker to trick an administrator into executing malicious code in their browser, potentially allowing them to steal sensitive information or take control of the admin account. This is a serious issue because an attacker could use it to gain access to sensitive areas of the system. To protect your system, update to the latest version of SVXportal.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| radioinorr | svxportal | <= 2.5 | – |
Original title
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the ...
Original description
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing attacker-supplied JavaScript to execute in the administrator's browser. This can enable session theft, administrative action forgery, or other browser-based compromise in the context of an admin user.
nvd CVSS3.1
6.1
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026