CVE-2026-9144

216.73.216.233

· Published 20/05/2026 20:16 · Modified 21/05/2026 15:17

Labels: CVE-2026-9144 2026-05-20 CVE-2026-9144 CWE-79 [email protected]

Essential information

Published: 20/05/2026 20:16
Modified: 21/05/2026 15:17
Author: —
Creator: —
CVSS: 8.4 HIGH (v3) 8.4 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields. Attackers can bypass front-end length restrictions using JavaScript comments and template literals to concatenate executable script fragments that are rendered in administrative dashboard views such as index.zhtml, resulting in persistent script execution within administrative sessions.

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
taiko / ag1000-01a	`cpe:2.3:h:taiko:ag1000-01a::::::::`