CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-28772

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is triggered by sending a crafted payload through the `submitType` parameter, which is reflected directly into the DOM without proper escaping.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 35.6%

CVSS Severity

CVSS v3 Score 6.1

References

https://www.abdulmhsblog.com/posts/sfx2100-vulns/

Products affected by CVE-2026-28772

Datacast » Sfx2100 » Version: N/A

cpe:2.3:h:datacast:sfx2100:-
Datacast » Sfx2100 Firmware » Version: N/A

cpe:2.3:o:datacast:sfx2100_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-28772

Products

Pricing

Contact Us