Security Advisory

CVE-2026-27505

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-20 16:49:12
Last updated 2026-05-11 23:11:22
Assigner VulnCheck
State PUBLISHED

Description

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow (index.php submitting to admin/user_action.php). User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and are later rendered in the administrator interface (admin/users.php), allowing an unauthenticated remote attacker to inject arbitrary JavaScript that executes in an administrators browser upon viewing the affected page.