Cross-Site Scripting Vulnerability in Cisco Unified Intelligent Contact Management Enterprise
CVE-2025-20273

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Unified Intelligent Contact Management Enterprise
Vendor: CVE Published:; 4 June 2025

Badges

👾 Exploit Exists

What is CVE-2025-20273?

A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise allows an unauthenticated remote attacker to perform cross-site scripting (XSS) attacks. This is caused by inadequate user input validation, enabling attackers to potentially exploit the vulnerability by convincing users to click malicious links. Successful exploitation could allow arbitrary script code execution within the context of the affected interface and could lead to unauthorized access to sensitive browser data.

Affected Version(s)

Cisco Unified Intelligent Contact Management Enterprise 10.5(2)_ES15

Cisco Unified Intelligent Contact Management Enterprise 10.5(1)_ES20

Cisco Unified Intelligent Contact Management Enterprise 10.5(2)_ES17

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 4, 2025
Vulnerability published
Jun 4, 2025
Vulnerability Reserved
Oct 10, 2024