Skip to main content

Digi One Sp Ia

1 CVEs product

Monthly

CVE-2026-12948 MEDIUM CISA This Month

Stored cross-site scripting in the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA serial device servers allows a remote, authenticated administrator to persist malicious script payloads in system configuration fields. The injected script executes in the browser of any user who subsequently views the affected configuration pages, enabling session hijacking, credential theft, or UI redress attacks against those users. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 4.8 reflects the high-privilege prerequisite that meaningfully constrains real-world risk.

XSS Digi Portserver Ts Digi One Sp Digi One Sp Ia Digi One Ia
NVD VulDB
CVSS 4.0
4.8
EPSS
0.3%
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored cross-site scripting in the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA serial device servers allows a remote, authenticated administrator to persist malicious script payloads in system configuration fields. The injected script executes in the browser of any user who subsequently views the affected configuration pages, enabling session hijacking, credential theft, or UI redress attacks against those users. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 4.8 reflects the high-privilege prerequisite that meaningfully constrains real-world risk.

XSS Digi Portserver Ts Digi One Sp +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy