Unrated severityNVD Advisory· Published Feb 20, 2026· Updated Feb 20, 2026

SVXportal <= 2.5 log.php Search Reflected XSS

CVE-2026-27502

Description

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute arbitrary JavaScript in a victim's browser if the victim visits a crafted URL. This can be used to steal session data, perform actions as the victim, or modify displayed content.

Affected products

Itsourcecode/productllm-fuzzy
Range: <=2.5
sa2blv/SVXportalv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vulncheck.com/advisories/svxportal-log-php-search-reflected-xssmitrethird-party-advisory
github.com/sa2blv/SVXportal/blob/master/log.phpmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000