CVE Catalog

CVE-2026-20117

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) allows an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the interface. The issue is due to insufficient validation of user-supplied input.

Risk Assessment

An attacker could execute arbitrary script code in the context of the management interface or access sensitive browser-based information, potentially leading to credential theft or session hijacking.

Recommendation

Apply the Cisco Unified CCX software update containing the security fix immediately. Until the update is applied, restrict access to the management interface to trusted IP addresses only.

Original NVD description (English source)

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability exists because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS