CVE-2026-20109 — Cross-site Scripting in Cisco Packaged Contact Center Enterprise

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 86.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Packaged Contact Center Enterprise Cisco Unified Contact Center Enterprise

Timeline

PublishedJan 21

Description

Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5cisco/cisco_unified_contact_center_enterprise23 versions+22

▶CVEListV5cisco/cisco_packaged_contact_center_enterprise15 versions+14

🔴Vulnerability Details

CVEList

Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerability↗2026-01-21

▶

GHSA

GHSA-q8j8-jmww-v8g6: Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Ce↗2026-01-21

▶

📋Vendor Advisories

Cisco

Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities↗2026-01-21

▶