Lucene search
K

40 matches found

RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.5 views

CVE-2026-27505

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

6.1CVSS5.5AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.4 views

CVE-2026-27506

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...

6.1CVSS5.4AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.8 views

CVE-2026-27503

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

6.1CVSS5.3AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.4 views

CVE-2026-27504

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...

6.1CVSS5.4AI score0.00183EPSS
Exploits0References1
OSV
OSV
added 2026/02/20 5:25 p.m.4 views

CVE-2026-27505

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

5.1CVSS5.8AI score0.00181EPSS
Exploits0References2
OSV
OSV
added 2026/02/20 5:25 p.m.5 views

CVE-2026-27504

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...

5.1CVSS5.8AI score0.00183EPSS
Exploits0References2
OSV
OSV
added 2026/02/20 5:25 p.m.4 views

CVE-2026-27506

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References2
NVD
NVD
added 2026/02/20 5:25 p.m.4 views

CVE-2026-27504

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...

6.1CVSS0.00183EPSS
Exploits0References2
NVD
NVD
added 2026/02/20 5:25 p.m.5 views

CVE-2026-27505

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

6.1CVSS0.00181EPSS
Exploits0References2
NVD
NVD
added 2026/02/20 5:25 p.m.7 views

CVE-2026-27506

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...

6.1CVSS0.00165EPSS
Exploits0References2
OSV
OSV
added 2026/02/20 5:25 p.m.3 views

CVE-2026-27502

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute...

5.1CVSS5.9AI score0.00201EPSS
Exploits0References2
OSV
OSV
added 2026/02/20 5:25 p.m.4 views

CVE-2026-27503

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

5.1CVSS5.7AI score
Exploits0References2
NVD
NVD
added 2026/02/20 5:25 p.m.6 views

CVE-2026-27502

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute...

6.1CVSS0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/20 4:55 p.m.3 views

CVE-2026-27506

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...

6.1CVSS5.3AI score0.00165EPSS
Exploits0References3
CVE
CVE
added 2026/02/20 4:55 p.m.14 views

CVE-2026-27506

SVXportal before or equal to version 2.5 contains a stored XSS in the profile update flow (user_settings.php -> admin/update_user.php). Authenticated users can inject HTML/JavaScript into profile fields (Firstname, lastname, email, image_url) that are rendered uncoded in the admin interface (a...

6.1CVSS5.4AI score0.00165EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 4:55 p.m.4 views

CVE-2026-27506 SVXportal <= 2.5 Profile Update Stored XSS

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...

6.1CVSS5.4AI score0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/20 4:49 p.m.3 views

CVE-2026-27505 SVXportal <= 2.5 admin/user_action.php Stored XSS

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

6.1CVSS5.4AI score0.00181EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/20 4:49 p.m.26 views

CVE-2026-27505 SVXportal <= 2.5 admin/user_action.php Stored XSS

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

6.1CVSS0.00181EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/20 4:49 p.m.5 views

CVE-2026-27505

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

6.1CVSS5.4AI score0.00181EPSS
Exploits0References3
CVE
CVE
added 2026/02/20 4:49 p.m.15 views

CVE-2026-27505

SVXportal admin/user_action.php). User-supplied fields (Firstname, lastname, email) are stored without proper output encoding and later rendered in the admin interface (admin/users.php), enabling an unauthenticated remote attacker to inject JavaScript that executes in an administrator’s browser ...

6.1CVSS5.4AI score0.00181EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder