Unrated severityNVD Advisory· Published Mar 4, 2026· Updated Mar 5, 2026

Reflected XSS in IDC_Logging Index endpoint

CVE-2026-28772

Description

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is triggered by sending a crafted payload through the submitType parameter, which is reflected directly into the DOM without proper escaping.

Affected products

International Datacasting Corporation/SFX Series SuperFlex Satellite Receiverllm-fuzzy
Range: 101
International Datacasting Corporation (IDC)/SFX Series SuperFlex SatelliteReceiver Web Management Interfacev5
Range: 101

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.abdulmhsblog.com/posts/sfx2100-vulns/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000