A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages (CWE-79).
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://www.digi.com/resources/security |
|
History
Tue, 07 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 07 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages (CWE-79). | |
| Title | Stored Cross-Site Scripting (XSS) | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: Digi
Published:
Updated: 2026-07-07T14:56:24.483Z
Reserved: 2026-06-22T20:33:02.985Z
Link: CVE-2026-12948
Updated: 2026-07-07T14:56:19.293Z
No data.
No data.
OpenCVE Enrichment
No data.