Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
IDC SFX Series Web Interface allows malicious scripts to run in victim's browser
CVE-2026-28771
Summary
A flaw in the IDC SFX Series web interface allows an attacker to inject malicious code into a user's browser. This could allow an attacker to steal sensitive information or take control of the user's session. Update to the latest version of the software to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| datacast | sfx2100_firmware | All versions | – |
Original title
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interfac...
Original description
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The application fails to adequately sanitize user-supplied input provided via the `cat` parameter before reflecting it in the HTTP response, allowing a remote attacker to execute arbitrary HTML or JavaScript in the victim's browser context.
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026