CVE-2026-0788 (GCVE-0-2026-0788)
Vulnerability from cvelistv5 – Published: 2026-01-23 03:01 – Updated: 2026-01-23 19:41
VLAI
Title
ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability
Summary
ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the functionality for viewing the syslog. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to interact with the application in the context of the target user. Was ZDI-CAN-28298.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ALGO | 8180 IP Audio Alerter |
Affected:
5.5
|
Date Public
2026-01-09 15:55
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T19:40:59.688076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T19:41:10.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "8180 IP Audio Alerter",
"vendor": "ALGO",
"versions": [
{
"status": "affected",
"version": "5.5"
}
]
}
],
"dateAssigned": "2026-01-08T22:55:33.379Z",
"datePublic": "2026-01-09T15:55:14.793Z",
"descriptions": [
{
"lang": "en",
"value": "ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user\u0027s privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the functionality for viewing the syslog. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to interact with the application in the context of the target user. Was ZDI-CAN-28298."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T03:01:12.802Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-26-010",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-010/"
}
],
"source": {
"lang": "en",
"value": "Vera Mensa of Claroty Research - Team82"
},
"title": "ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2026-0788",
"datePublished": "2026-01-23T03:01:12.802Z",
"dateReserved": "2026-01-08T22:55:33.353Z",
"dateUpdated": "2026-01-23T19:41:10.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-0788",
"date": "2026-06-28",
"epss": "0.00371",
"percentile": "0.2892"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-0788\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2026-01-23T04:16:06.447\",\"lastModified\":\"2026-06-17T10:11:23.050\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user\u0027s privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability.\\n\\nThe specific flaw exists within the functionality for viewing the syslog. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to interact with the application in the context of the target user. Was ZDI-CAN-28298.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de Cross-Site Scripting Persistente en la UI web de ALGO 8180 IP Audio Alerter. Esta vulnerabilidad permite a atacantes remotos ejecutar solicitudes web con los privilegios de un usuario objetivo en instalaciones afectadas de dispositivos ALGO 8180 IP Audio Alerter. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad.\\n\\nLa falla espec\u00edfica existe dentro de la funcionalidad para ver el syslog. El problema resulta de la falta de validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede llevar a la inyecci\u00f3n de un script arbitrario. Un atacante puede aprovechar esta vulnerabilidad para interactuar con la aplicaci\u00f3n en el contexto del usuario objetivo. Fue ZDI-CAN-28298.\"}],\"affected\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"affectedData\":[{\"vendor\":\"ALGO\",\"product\":\"8180 IP Audio Alerter\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"5.5\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV30\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-23T19:40:59.688076Z\",\"id\":\"CVE-2026-0788\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:algosolutions:8180_ip_audio_alerter_firmware:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"853BF5C9-122B-4F47-9CE7-DA3E307130ED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:algosolutions:8180_ip_audio_alerter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A20E73F-D499-4973-ADDE-8B702E6F5254\"}]}]}],\"references\":[{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-26-010/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-0788\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-23T19:40:59.688076Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-23T19:41:06.930Z\"}}], \"cna\": {\"title\": \"ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability\", \"source\": {\"lang\": \"en\", \"value\": \"Vera Mensa of Claroty Research - Team82\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\"}}], \"affected\": [{\"vendor\": \"ALGO\", \"product\": \"8180 IP Audio Alerter\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.5\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2026-01-09T15:55:14.793Z\", \"references\": [{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-26-010/\", \"name\": \"ZDI-26-010\", \"tags\": [\"x_research-advisory\"]}], \"dateAssigned\": \"2026-01-08T22:55:33.379Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user\u0027s privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability.\\n\\nThe specific flaw exists within the functionality for viewing the syslog. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to interact with the application in the context of the target user. Was ZDI-CAN-28298.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"shortName\": \"zdi\", \"dateUpdated\": \"2026-01-23T03:01:12.802Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-0788\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-23T19:41:10.814Z\", \"dateReserved\": \"2026-01-08T22:55:33.353Z\", \"assignerOrgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"datePublished\": \"2026-01-23T03:01:12.802Z\", \"assignerShortName\": \"zdi\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…