Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent.
This vulnerability is due to inadequate validation of file contents during file upload operations. An attacker could exploit this vulnerability by uploading a file that contains malicious scripts or HTML code, which the application could make available to other users to access. A successful exploit could allow the attacker to execute the contents of that file in the browser of a user and conduct browser-based attacks.
AnalysisAI
Cisco Enterprise Chat and Email (ECE) Lite Agent feature allows authenticated remote attackers with Agent role credentials to upload files containing malicious scripts or HTML, which are then served to other users without adequate content validation. Successful exploitation enables stored cross-site scripting (XSS) attacks in victim browsers. The vulnerability requires valid user credentials and Agent role privileges but no user interaction on the victim side, affecting confidentiality and integrity but not availability.
Technical ContextAI
The vulnerability exists in the file upload handling mechanism of the Lite Agent feature within ECE, specifically in the absence of proper file content validation and sanitization during upload operations. CWE-646 (Reliance on File Contents to Identify File Type) indicates the application trusts file contents without proper validation, allowing an attacker to upload HTML or script files that the application subsequently serves to other users. The combination of inadequate input validation and lack of output encoding creates a stored XSS condition where malicious payloads persist in the application and execute in the context of users accessing the uploaded files.
RemediationAI
Obtain and deploy the patched version of Cisco ECE from Cisco, with specific version information available in the official Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb. As an interim compensating control, restrict file upload functionality in the Lite Agent feature to authenticated administrators only, or disable the Lite Agent feature entirely if not operationally critical. Additionally, implement Content Security Policy (CSP) headers to restrict script execution from uploaded content, configure the application to serve uploaded files with 'Content-Disposition: attachment' headers to prevent in-browser execution, and audit file uploads to the Lite Agent feature for suspicious HTML or script content. Note that disabling Lite Agent may impact user functionality, so coordinate with business stakeholders before implementing.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27856
GHSA-rx97-pwc5-6v32