Unrated severityNVD Advisory· Published Mar 4, 2026· Updated Mar 5, 2026
Reflected XSS In /index.cgi Endpoint On IDC Satellite Receiver Web Management Interface Version 101
CVE-2026-28771
Description
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The application fails to adequately sanitize user-supplied input provided via the cat parameter before reflecting it in the HTTP response, allowing a remote attacker to execute arbitrary HTML or JavaScript in the victim's browser context.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 101+ 1 more
- (no CPE)range: = 101
- (no CPE)range: 101
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.