Unified Contact Center Express
CVE-2026-20117
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
This vulnerability exists because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
AnalysisAI
Unauthenticated attackers can inject malicious scripts into Cisco Unified CCX's web management interface due to insufficient input validation, enabling XSS attacks against administrators and users. Successful exploitation allows arbitrary JavaScript execution within the browser context or theft of sensitive session information. No patch is currently available.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
This vulnerability exists because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A succes
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System softw
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenti
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allo
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) cou
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as use
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) cou
The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in
A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to
A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges
A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated,
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect s
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today