๐Ÿ” CVE Alert

CVE-2026-12948

UNKNOWN 0.0

Stored Cross-Site Scripting (XSS)

CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
19th

A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages (CWE-79).

CWE CWE-79
Vendor digi international
Product digi portserver ts
Published Jul 7, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for digi international digi portserver ts

Be the first to know when new unknown vulnerabilities affecting digi international digi portserver ts are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Digi International / Digi PortServer TS
82000747_V1 โ‰ค 82000747_AB
Digi International / Digi One SP
82000774_Z โ‰ค 82000774_AB
Digi International / Digi One SP IA
82000774_Z โ‰ค 82000774_AB
Digi International / Digi One IA
82000774_Z โ‰ค 82000774_AB

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
digi.com: https://www.digi.com/resources/security