CVE-2026-9144

HIGH 7.6

Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface

CVSS Score

7.6

EPSS Score

0.0%

EPSS Percentile

0th

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields. Attackers can bypass front-end length restrictions using JavaScript comments and template literals to concatenate executable script fragments that are rendered in administrative dashboard views such as index.zhtml, resulting in persistent script execution within administrative sessions.

CWE	CWE-79
Vendor	taiko network communications pte ltd.
Product	ag1000-01a sms alert gateway
Published	May 20, 2026

Stay Ahead of the Next One

Get instant alerts for taiko network communications pte ltd. ag1000-01a sms alert gateway

Be the first to know when new high vulnerabilities affecting taiko network communications pte ltd. ag1000-01a sms alert gateway are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Affected Versions

Taiko Network Communications Pte Ltd. / AG1000-01A SMS Alert Gateway

Rev 7.3 Rev 8 UM-AG1000_R7.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

medium.com: https://medium.com/@forgetmen0t/multiple-vulnerabilities-in-taiko-ag1000-01a-sms-alert-gateway-82095b1d633e vulncheck.com: https://www.vulncheck.com/advisories/taiko-ag1000-01a-rev-8-stored-xss-via-web-configuration-interface

Credits

Muhammad Imam Baguna VulnCheck