What is the CVSS score of CVE-2026-28772?

CVE-2026-28772 has a CVSS 3.1 base score of 6.1 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Sfx2100 Firmware are affected by CVE-2026-28772?

CVE-2026-28772 presents moderate security risk, a cross-site scripting vulnerability rated CVSS 6.1. Attackers could inject scripts to steal sessions or perform actions as authenticated users.

Is there a public PoC exploit available for CVE-2026-28772?

Yes, a public proof-of-concept exploit is available for CVE-2026-28772. Prioritise patching immediately. EPSS: 0.0%.

Sfx2100 Firmware CVE-2026-28772

MEDIUM

Cross-site Scripting (XSS) (CWE-79)

2026-03-04 b7efe717-a805-47cf-8e9a-921fca0ce0ce

XSS Sfx2100 Firmware

6.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

PoC Detected

Mar 09, 2026 - 18:23 vuln.today

Public exploit code

CVE Published

Mar 04, 2026 - 08:16 nvd

MEDIUM 6.1

DescriptionNVD

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is triggered by sending a crafted payload through the submitType parameter, which is reflected directly into the DOM without proper escaping.

AnalysisAI

Reflected XSS in IDC SFX2100 Firmware's logging interface allows remote attackers to inject malicious scripts through the submitType parameter without authentication or user interaction. Public exploit code exists for this vulnerability, enabling attackers to execute arbitrary JavaScript in users' browsers and potentially steal sensitive data or perform unauthorized actions. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify Content-Security-Policy and output encoding.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-28772 vulnerability details – vuln.today

Back