Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface

7.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Description

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields. Attackers can bypass front-end length restrictions using JavaScript comments and template literals to concatenate executable script fragments that are rendered in administrative dashboard views such as index.zhtml, resulting in persistent script execution within administrative sessions.

Basic Information

ID CVE-2026-9144

Source VulnCheck

Published May 20, 2026 at 20:07

Affected Product

Vendor Taiko Network Communications Pte Ltd.

Product AG1000-01A SMS Alert Gateway

Version Rev 7.3

Affected Versions Taiko Network Communications Pte Ltd. AG1000-01A SMS Alert Gateway Rev 7.3
Taiko Network Communications Pte Ltd. AG1000-01A SMS Alert Gateway Rev 8
Taiko Network Communications Pte Ltd. AG1000-01A SMS Alert Gateway UM-AG1000_R7.2

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields. Attackers can bypass front-end length restrictions using JavaScript comments and template literals to concatenate executable script fragments that are rendered in administrative dashboard views such as index.zhtml, resulting in persistent script execution within administrative sessions.",
    "published": "2026-05-20T20:07:27.017Z",
    "modified": "2026-05-20T20:07:27.017Z",
    "type": "cve",
    "title": "Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface",
    "source": "VulnCheck",
    "references": "https://medium.com/@forgetmen0t/multiple-vulnerabilities-in-taiko-ag1000-01a-sms-alert-gateway-82095b1d633e\nhttps://www.vulncheck.com/advisories/taiko-ag1000-01a-rev-8-stored-xss-via-web-configuration-interface",
    "id": "CVE-2026-9144",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Taiko Network Communications Pte Ltd. AG1000-01A SMS Alert Gateway Rev 7.3\nTaiko Network Communications Pte Ltd. AG1000-01A SMS Alert Gateway Rev 8\nTaiko Network Communications Pte Ltd. AG1000-01A SMS Alert Gateway UM-AG1000_R7.2",
    "sourceHref": "",
    "cvss": {
        "score": 7.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AG1000-01A SMS Alert Gateway",
    "version": "Rev 7.3",
    "vendor": "Taiko Network Communications Pte Ltd.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface_CVE-2026-9144