CVE-2026-28772

UNKNOWN 0.0

Reflected XSS in IDC_Logging Index endpoint

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is triggered by sending a crafted payload through the `submitType` parameter, which is reflected directly into the DOM without proper escaping.

CWE	CWE-79
Vendor	international datacasting corporation (idc)
Product	sfx series superflex satellitereceiver web management interface
Published	Mar 4, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for international datacasting corporation (idc) sfx series superflex satellitereceiver web management interface

Be the first to know when new unknown vulnerabilities affecting international datacasting corporation (idc) sfx series superflex satellitereceiver web management interface are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

International Datacasting Corporation (IDC) / SFX Series SuperFlex SatelliteReceiver Web Management Interface

101

References

NVD ↗ CVE.org ↗ EPSS Data ↗

abdulmhsblog.com: https://www.abdulmhsblog.com/posts/sfx2100-vulns/

Credits

Abdul Mhanni