Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities
Summary
| CVE | CVE-2026-20117 |
|---|---|
| State | PUBLISHED |
| Assigner | cisco |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-03-11 17:16:55 UTC |
| Updated | 2026-07-08 19:12:13 UTC |
| Description | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability exists because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. |
Risk And Classification
Primary CVSS: v3.1 6.1 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.002070000 probability, percentile 0.108730000 (date 2026-07-10)
Problem Types: CWE-79 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| 3.1 | CNA | CVSSV3_1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
ChangedConfidentiality
LowIntegrity
LowAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Unified Contact Center Express | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Cisco | Cisco Unified Contact Center Express | affected 10.5(1)SU1 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 10.6(1) | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.6(1) | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 10.6(1)SU1 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 10.6(1)SU3 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.6(2) | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.0(1) | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.0(1)SU1 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.5(1)SU1 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 10.5(1) | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1) | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)SU1 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)SU2 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)SU3 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU03_ES01 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU03_ES02 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU02_ES03 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU02_ES04 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU02_ES02 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU01_ES02 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU01_ES03 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU02_ES01 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.6(2)ES07 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.6(2)ES08 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU01_ES01 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.0(1)ES04 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)ES02 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)ES03 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.6(2)ES06 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)ES01 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.0(1)ES03 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.0(1)ES01 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.6(2)ES05 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.0(1)ES02 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.6(2)ES04 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.6(2)ES03 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.6(2)ES02 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.6(2)ES01 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 10.6(1)SU3ES03 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.0(1)SU1ES03 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 10.6(1)SU3ES01 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 10.5(1)SU1ES10 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.5(1)SU1ES03 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.6(1)ES02 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.5(1)ES01 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 10.6(1)SU2 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 10.6(1)SU2ES04 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.6(1)ES01 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 10.6(1)SU3ES02 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.5(1)SU1ES02 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.5(1)SU1ES01 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 11.0(1)SU1ES02 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU03_ES03 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU03_ES04 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU03_ES05 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected UCCX 15.0.1 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU03_ES06 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 12.5(1)_SU03_ES07 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 15.0(1) | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 15.0(1)ES01 | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 15.0(1)ES-MSOauth | Not specified |
| CNA | Cisco | Cisco Unified Contact Center Express | affected 1501_ES01_CSCws06843 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss... | [email protected] | sec.cloudapps.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
Exploits
CNA: The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
There are currently no legacy QID mappings associated with this CVE.