PatchSiren cyber security CVE debrief
CVE-2026-27504 sa2blv CVE debrief
CVE-2026-27504 is a reflected cross-site scripting vulnerability in SVXportal version 2.5 and prior. The vulnerability exists in the radiomobile_front.php file via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowing attacker-supplied script injection and execution in the administrator's browser. This can be used to compromise admin sessions or perform unauthorized actions via the administrator's authenticated context. Affected product deployments should be reviewed for exposure.
- Vendor
- sa2blv
- Product
- SVXportal
- CVSS
- MEDIUM 5.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-20
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-02-20
- Advisory updated
- 2026-07-14
Who should care
Administrators and users of SVXportal version 2.5 and prior should be aware of this vulnerability and take necessary actions to mitigate it. This includes reviewing system deployments for exposure, assigning owners for follow-up, and planning vendor-supported updates or mitigations through normal change control. Additionally, affected operators, platform administrators, vulnerability management teams, and security teams should prioritize patching or mitigating this vulnerability to prevent potential admin session compromise or unauthorized actions via authenticated contexts.
Technical summary
The vulnerability is caused by the lack of sanitization of user-input data in the stationid query parameter in the radiomobile_front.php file of SVXportal version 2.5 and prior. An attacker can exploit this vulnerability by crafting a malicious URL that injects script code into the application. When an authenticated administrator views the crafted URL, the script code is executed in their browser, potentially leading to session compromise or unauthorized actions. Affected product deployments should be reviewed for exposure, and compensating controls should be considered for exposed systems while remediation is scheduled and verified.
Defensive priority
Medium High Critical Vulnerability Priority Given Admin Session Compromise Potential During Exposure Review For Mitigation Planning And Compensating Controls Implementation To Reduce Risk Of Unauthorized Actions Via Authenticated Contexts Until Patches Are Applied And Verified Secure Through Testing In Production Environments With Monitoring For Suspicious Activity Indicative Of Exploitation Attempts Or Successful Compromises Before Full Remediation Can Be Confirmed Through Vendor Guidance And Security Advisories Related To SVXportal Version 2.5 And Prior Releases Containing The Reflected Cross-Site Scripting Vulnerability In radiomobile_front.php Via The stationid Query Parameter That Allows Attacker-Supplied Script Injection And Execution In The Administrator's Browser When Viewing Crafted URLs Designed To Embed Unsanitized Parameter Values Into Hidden Input Fields Allowing Potential Compromise Of Admin Sessions Or Unauthorized Actions Through The Administrator's Authenticated Context If Exploited Successfully By An Attacker With Appropriate Knowledge Of The Vulnerability Details And Required Crafting Of Malicious URLs To Trigger The Vulnerability In Targeted Systems Running Affected Versions Of SVXportal Software Without Applied Patches Or Mitigations To Prevent Such Attacks From Occurring In The First Place Through Proactive Security Measures Like Input Validation Sanitization Web Application Firewalls Monitoring For Suspicious Activity Incident Response Planning Around Potential Exploitation Scenarios Related To This Specific CVE Entry For CVE-2026-27504 To Address The Underlying Security Issue Properly And Effectively Within The Organization's Overall Cybersecurity Posture And Risk Management Practices For Better Protection Against Similar Threats In The Future By Implementing Necessary Controls And Countermeasures Based On Lessons Learned From Past Incidents Involving Reflected Cross-Site Scripting Vulnerabilities Like This One Found In SVXportal Software Versions Affected By CVE-2026-27504 Disclosure Information CVE-2026-27504 Was Published On 2026-02-20T17:25:57.087Z And Last Modified On 2026-07-14T19:16:52.493Z According To The NVD Entry Which Is Analy
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability
- Implement input validation and sanitization for user-supplied data
- Use a web application firewall to detect and prevent attacks
- Monitor for suspicious activity and implement incident response plans
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-02-20T17:25:57.087Z and last modified on 2026-07-14T19:16:52.493Z. The NVD entry is currently Analyzed. The vulnerability is a reflected cross-site scripting vulnerability in SVXportal version 2.5 and prior. The vulnerability exists in the radiomobile_front.php file via the stationid query parameter. Evidence is limited to public CVE and NVD information.
Official resources
-
CVE-2026-27504 CVE record
CVE.org
-
CVE-2026-27504 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Product
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-20T17:25:57.087Z and has not been modified since then. The NVD entry is currently Analyzed.