Digi One Sp Ia
Monthly
Stored cross-site scripting in the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA serial device servers allows a remote, authenticated administrator to persist malicious script payloads in system configuration fields. The injected script executes in the browser of any user who subsequently views the affected configuration pages, enabling session hijacking, credential theft, or UI redress attacks against those users. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 4.8 reflects the high-privilege prerequisite that meaningfully constrains real-world risk.
Stored cross-site scripting in the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA serial device servers allows a remote, authenticated administrator to persist malicious script payloads in system configuration fields. The injected script executes in the browser of any user who subsequently views the affected configuration pages, enabling session hijacking, credential theft, or UI redress attacks against those users. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 4.8 reflects the high-privilege prerequisite that meaningfully constrains real-world risk.