CVE-2026-28772

216.73.217.22

· Published 04/03/2026 08:16 · Modified 05/03/2026 06:16

Labels: CVE-2026-28772 2026-03-04 CVE-2026-28772 CWE-79 b7efe717-a805-47cf-8e9a-921fca0ce0ce

Essential information

Published: 04/03/2026 08:16
Modified: 05/03/2026 06:16
Author: —
Creator: —
CVSS: 5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is triggered by sending a crafted payload through the `submitType` parameter, which is reflected directly into the DOM without proper escaping.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: b7efe717-a805-47cf-8e9a-921fca0ce0ce
NVD: View on NVD

Affected products (CPE)

Product	CPE
international datacasting corporation / sfx series superflex satellitereceiver	`cpe:2.3:a:international_datacasting_corporation:sfx_series_superflex_satellitereceiver:101:::::::*`