CVE-2026-28772

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101

Description A Reflected Cross-Site Scripting (XSS) issue exists in the /IDC Logging/index.cgi API endpoint. The issue occurs because a crafted payload sent through the submitType parameter is reflected into the Document Object Model (DOM) without proper sanitization. This could allow a remote attacker to execute arbitrary web scripts or HTML.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid using the submitType parameter in the affected API endpoint /IDC Logging/index.cgi until the issue is resolved.