PT-2026-21272 · Unknown · Svx Portal

Philopentest · Published 2026-02-20 · Updated 2026-02-20 · CVE-2026-27503

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SVXportal versions prior to 2.5

Description: SVXportal versions 2.5 and earlier are susceptible to a reflected cross-site scripting issue within the admin/log.php component. The issue occurs due to the application embedding unsanitized data from the search query parameter directly into an HTML input value attribute. This allows an attacker to execute arbitrary JavaScript code in the browser of an authenticated administrator who views a specially crafted URL. Successful exploitation could lead to session hijacking, unauthorized administrative actions, or other browser-based compromises performed with the privileges of an administrator. The vulnerable parameter is search query.

Recommendations: Versions prior to 2.5: Update to a newer version that addresses this vulnerability.
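
The pattern described above next to its output-encoded form, as an added PHP illustration that is not SVXportal's code: the field name `search` and all function names are hypothetical, and the sample inputs are constructed. The check parses each rendered fragment with PHP's DOM extension to confirm the input stayed inside the value attribute.

```php
<?php
// Added illustration, not SVXportal source. Field name "search" and all
// function names are hypothetical; sample inputs below are constructed.

// Pattern from the advisory: request data concatenated into value="...".
function render_search_unsafe(string $q): string {
    return '<input type="text" name="search" value="' . $q . '">';
}

// Hardened: encode for the HTML attribute context. ENT_QUOTES encodes both
// quote styles; ENT_SUBSTITUTE avoids an empty result on invalid UTF-8.
function render_search_safe(string $q): string {
    $enc = htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search" value="' . $enc . '">';
}

// True only if the fragment parses to one element with the three expected
// attributes and a value equal to the original input.
function stays_in_attribute(string $html, string $q): bool {
    $prev = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    $input = $doc->getElementsByTagName('input')->item(0);
    return $body->getElementsByTagName('*')->length === 1
        && $input !== null
        && $input->attributes->length === 3
        && $input->getAttribute('value') === $q;
}

$samples = [
    'SM0ABC',                    // ordinary search term
    "O'Brien & co",              // legitimate quote and ampersand
    'x" data-injected="1',       // tries to add an attribute
    '"><b>injected</b>',         // tries to close the tag and add markup
];
foreach ($samples as $q) {
    printf("%-22s unsafe=%-5s safe=%s\n", json_encode($q),
        stays_in_attribute(render_search_unsafe($q), $q) ? 'ok' : 'BROKE',
        stays_in_attribute(render_search_safe($q), $q) ? 'ok' : 'BROKE');
}
```

The same parse-and-compare check can run as a regression test against any template that reflects request data into an attribute.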

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2026-27503

Affected Products: Svx Portal