CVE-2026-27502

Name of the Vulnerable Software and Affected Versions SVXportal versions prior to 2.6

Description The application has a reflected cross-site scripting issue in the 'log.php' file through the search query parameter. The application directly includes the unsanitized parameter value into an HTML input value attribute. This allows a remote attacker to inject and execute arbitrary JavaScript in a victim’s browser by sending a crafted URL. Successful exploitation could lead to session data theft, unauthorized actions performed as the victim, or modification of displayed content.

Recommendations Versions prior to 2.6 should be updated.