Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
IDC SFX Series Web Interface Allows Unauthorized Code Execution
CVE-2026-28772
Summary
A vulnerability in the IDC SFX Series Web Interface can allow an attacker to execute unauthorized code on a website, potentially stealing user data or taking control of the user's browser. This could happen if a user clicks on a malicious link or visits a compromised website. Users of the IDC SFX Series should update to the latest version of the software to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| datacast | sfx2100_firmware | All versions | – |
Original title
A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Inte...
Original description
A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is triggered by sending a crafted payload through the `submitType` parameter, which is reflected directly into the DOM without proper escaping.
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026