CVE-2026-9144
Deferred - Pending Action
Stored XSS in Taiko AG1000-01A SMS Alert Gateway

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: VulnCheck

Description
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contain a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields. Attackers can bypass front-end length restrictions using JavaScript comments and template literals to concatenate executable script fragments that are rendered in administrative dashboard views such as index.zhtml, resulting in persistent script execution within administrative sessions.

Meta Information
Published: 2026-05-20
Last Modified: 2026-05-20
Generated: 2026-06-10
AI Q&A: 2026-05-21
EPSS Evaluated: 2026-06-08

Affected Vendors & Products
Showing 3 associated CPEs
Vendor | Product | Version / Range
taiko | ag1000-01a_sms_alert_gateway | 7.3
taiko | ag1000-01a_sms_alert_gateway | 8
taiko | ag1000-01a_sms_alert_gateway | From 7.3 (inc) to 8 (inc)

CWE ID | Description
CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Compliance Impact

The provided context and resources do not explicitly discuss the impact of CVE-2026-9144 on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-9144 is a stored cross-site scripting (XSS) vulnerability in the Taiko AG1000-01A SMS Alert Gateway, specifically in versions Rev 7.3 and Rev 8. It exists in the embedded web configuration interface and allows authenticated attackers to execute persistent JavaScript code.

Attackers exploit this by fragmenting malicious payloads across multiple administrative form fields and bypassing front-end length restrictions using JavaScript comments and template literals. These script fragments are concatenated and rendered in administrative dashboard views such as index.zhtml, resulting in persistent script execution within administrative sessions.

Impact Analysis

This vulnerability allows authenticated attackers to execute persistent malicious JavaScript within the administrative interface of the Taiko AG1000-01A SMS Alert Gateway.

Such persistent script execution can lead to unauthorized actions within administrative sessions, potentially compromising the integrity and security of the system, stealing sensitive information, or manipulating administrative functions.

Detection Guidance

This vulnerability is a stored cross-site scripting (XSS) issue in the embedded web configuration interface of the Taiko AG1000-01A SMS Alert Gateway. Detection involves verifying if malicious JavaScript payloads can be injected and persist in administrative dashboard views such as index.zhtml.

Since the vulnerability requires authenticated access and involves fragmented JavaScript payloads across multiple administrative form fields, detection can be performed by attempting to input specially crafted scripts using the web interface and observing if the scripts execute persistently in the admin dashboard.

No specific commands are provided in the available resources for automated detection or scanning.

Mitigation Strategies

The provided information does not include explicit mitigation steps or patches.

However, general best practices for mitigating stored XSS vulnerabilities include restricting administrative access, applying input validation and sanitization on all form fields, and monitoring for suspicious script execution within administrative sessions.

It is also advisable to check for vendor updates or patches addressing this vulnerability and apply them as soon as they become available.
