Cross-Site Scripting Vulnerability in Cisco Unified Contact Center Express
CVE-2026-20117

6.1MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Unified Contact Center Express
Vendor
CVE Published:
11 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-20117?

A vulnerability exists in the web-based management interface of Cisco Unified Contact Center Express that allows unauthenticated remote attackers to perform cross-site scripting (XSS) attacks. This flaw arises from insufficient validation of user-supplied input within the management interface, enabling attackers to inject malicious scripts into specific pages. If successfully exploited, the attacker can execute arbitrary script code in the context of the interface, paving the way for unauthorized access to sensitive browser information.

Affected Version(s)

Cisco Unified Contact Center Express 10.5(1)SU1

Cisco Unified Contact Center Express 10.6(1)

Cisco Unified Contact Center Express 11.6(1)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.