CVE-2026-27506
- EPSS 0.03%
- Veröffentlicht 20.02.2026 16:55:22
- Zuletzt bearbeitet 23.02.2026 13:55:30
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow (user_settings.php submitting to admin/update_user.php). Authenticated users can store malicious HTML/JavaScript in fields such as...
CVE-2026-27505
- EPSS 0.04%
- Veröffentlicht 20.02.2026 16:49:12
- Zuletzt bearbeitet 23.02.2026 13:56:05
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow (index.php submitting to admin/user_action.php). User-supplied fields such as Firstname, lastname, and email are stored in the backe...
CVE-2026-27504
- EPSS 0.04%
- Veröffentlicht 20.02.2026 16:48:57
- Zuletzt bearbeitet 23.02.2026 13:57:52
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile_front.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized paramet...
CVE-2026-27503
- EPSS 0.03%
- Veröffentlicht 20.02.2026 16:48:40
- Zuletzt bearbeitet 23.02.2026 13:58:42
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value di...
CVE-2026-27502
- EPSS 0.05%
- Veröffentlicht 20.02.2026 16:48:24
- Zuletzt bearbeitet 23.02.2026 13:59:18
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthen...