CVE-2026-28771
Reflected XSS In /index.cgi Endpoint On IDC Satellite Receiver Web Management Interface Version 101
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The application fails to adequately sanitize user-supplied input provided via the `cat` parameter before reflecting it in the HTTP response, allowing a remote attacker to execute arbitrary HTML or JavaScript in the victim's browser context.
| CWE | CWE-79 |
| Vendor | international datacasting corporation (idc) |
| Product | sfx series superflex satellite receiver web management interface |
| Published | Mar 4, 2026 |
| Last Updated | Mar 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for international datacasting corporation (idc) sfx series superflex satellite receiver web management interface
Be the first to know when new unknown vulnerabilities affecting international datacasting corporation (idc) sfx series superflex satellite receiver web management interface are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
International Datacasting Corporation (IDC) / SFX Series SuperFlex Satellite Receiver Web Management Interface
101
References
Credits
Abdul Mhanni