CVE-2026-12948
Stored Cross-Site Scripting (XSS)
CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
19th
A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages (CWE-79).
| CWE | CWE-79 |
| Vendor | digi international |
| Product | digi portserver ts |
| Published | Jul 7, 2026 |
| Last Updated | Jul 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for digi international digi portserver ts
Be the first to know when new unknown vulnerabilities affecting digi international digi portserver ts are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Digi International / Digi PortServer TS
82000747_V1 โค 82000747_AB
Digi International / Digi One SP
82000774_Z โค 82000774_AB
Digi International / Digi One SP IA
82000774_Z โค 82000774_AB
Digi International / Digi One IA
82000774_Z โค 82000774_AB