CVE-2026-28772 is a reflected Cross-Site Scripting (XSS) vulnerability identified in the International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface, specifically version 101. The vulnerability resides in the /IDC_Logging/index.cgi endpoint, where the submitType parameter is accepted from user input and reflected directly into the web page's Document Object Model (DOM) without proper input validation or output encoding. This improper neutralization of input (classified under CWE-79) enables an attacker to craft malicious payloads that, when delivered to a victim and executed in their browser, can run arbitrary JavaScript or HTML code. The attack vector is remote and does not require prior authentication, but it does require user interaction, such as clicking a malicious link or visiting a crafted URL. The vulnerability's CVSS 4.0 score of 5.1 reflects medium severity, with network attack vector, low attack complexity, no privileges required, but user interaction necessary. The impact on confidentiality and integrity is limited but can lead to session hijacking, credential theft, or unauthorized actions performed in the context of the victim's session. Availability impact is negligible. No patches or known exploits are currently documented, but the vulnerability poses a risk to organizations using the affected IDC satellite receiver management interface, particularly those in critical communication sectors.

The primary impact of this vulnerability is the potential compromise of user sessions and the execution of unauthorized actions within the context of the affected web management interface. Attackers exploiting this XSS flaw could steal authentication tokens, perform phishing attacks, or manipulate the interface to disrupt satellite receiver management. For organizations relying on IDC SFX Series SuperFlex SatelliteReceivers, especially in sectors such as broadcasting, defense, and satellite communications, this could lead to unauthorized access to sensitive operational controls or data. Although the vulnerability requires user interaction, the remote and unauthenticated nature of the attack vector increases the risk of widespread exploitation if attackers distribute malicious links. The medium severity indicates that while the vulnerability is not critical, it can facilitate further attacks or lateral movement within networks if chained with other vulnerabilities. The lack of known exploits in the wild suggests limited current impact but does not preclude future exploitation attempts.

Organizations should immediately assess their exposure to the affected IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. Since no official patches are currently available, mitigation should focus on: 1) Implementing web application firewalls (WAFs) with rules to detect and block malicious payloads targeting the submitType parameter; 2) Employing strict input validation and output encoding on the interface if custom modifications are possible; 3) Restricting access to the management interface to trusted networks or VPNs to reduce exposure; 4) Educating users about the risks of clicking unsolicited links related to the management interface; 5) Monitoring logs for suspicious requests to the /IDC_Logging/index.cgi endpoint; 6) Coordinating with IDC for timely patch releases and applying updates once available; 7) Considering network segmentation to isolate satellite management systems from general user networks to limit attack surface.