6.1
CVE-2026-20117
- EPSS 0.04%
- Published 11.03.2026 16:31:26
- Last modified 12.03.2026 21:08:22
- Source psirt@cisco.com
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability exists because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Linked by AI from unstructured data to existing CPEs in the NVD.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
- Vendor: Cisco
- Product: Cisco Unified Contact Center Express
- Default Status: unknown

| Version | Status |
|---|---|
| 10.5(1)SU1 | affected |
| 10.6(1) | affected |
| 11.6(1) | affected |
| 10.6(1)SU1 | affected |
| 10.6(1)SU3 | affected |
| 11.6(2) | affected |
| 12.0(1) | affected |
| 11.0(1)SU1 | affected |
| 11.5(1)SU1 | affected |
| 10.5(1) | affected |
| 12.5(1) | affected |
| 12.5(1)SU1 | affected |
| 12.5(1)SU2 | affected |
| 12.5(1)SU3 | affected |
| 12.5(1)_SU03_ES01 | affected |
| 12.5(1)_SU03_ES02 | affected |
| 12.5(1)_SU02_ES03 | affected |
| 12.5(1)_SU02_ES04 | affected |
| 12.5(1)_SU02_ES02 | affected |
| 12.5(1)_SU01_ES02 | affected |
| 12.5(1)_SU01_ES03 | affected |
| 12.5(1)_SU02_ES01 | affected |
| 11.6(2)ES07 | affected |
| 11.6(2)ES08 | affected |
| 12.5(1)_SU01_ES01 | affected |
| 12.0(1)ES04 | affected |
| 12.5(1)ES02 | affected |
| 12.5(1)ES03 | affected |
| 11.6(2)ES06 | affected |
| 12.5(1)ES01 | affected |
| 12.0(1)ES03 | affected |
| 12.0(1)ES01 | affected |
| 11.6(2)ES05 | affected |
| 12.0(1)ES02 | affected |
| 11.6(2)ES04 | affected |
| 11.6(2)ES03 | affected |
| 11.6(2)ES02 | affected |
| 11.6(2)ES01 | affected |
| 10.6(1)SU3ES03 | affected |
| 11.0(1)SU1ES03 | affected |
| 10.6(1)SU3ES01 | affected |
| 10.5(1)SU1ES10 | affected |
| 11.5(1)SU1ES03 | affected |
| 11.6(1)ES02 | affected |
| 11.5(1)ES01 | affected |
| 10.6(1)SU2 | affected |
| 10.6(1)SU2ES04 | affected |
| 11.6(1)ES01 | affected |
| 10.6(1)SU3ES02 | affected |
| 11.5(1)SU1ES02 | affected |
| 11.5(1)SU1ES01 | affected |
| 11.0(1)SU1ES02 | affected |
| 12.5(1)_SU03_ES03 | affected |
| 12.5(1)_SU03_ES04 | affected |
| 12.5(1)_SU03_ES05 | affected |
| UCCX 15.0.1 | affected |
| 12.5(1)_SU03_ES06 | affected |
| 12.5(1)_SU03_ES07 | affected |
| 15.0(1) | affected |
| 15.0(1)ES01 | affected |
| 15.0(1)ES-MSOauth | affected |
| 1501_ES01_CSCws06843 | affected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.13 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.