CVE-2026-20116Cross-site Scripting in Cisco Unified Contact Center Express

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.0%
top 85.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Contact Center Express
Timeline
PublishedMar 11

Description

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability exists because the web-based management interface of an affected system does no

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities2026-03-11
GHSA
GHSA-vh2r-jfvr-qvg8: A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact2026-03-11

📋Vendor Advisories

1
Cisco
Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities2026-03-11
CVE-2026-20116 — Cross-site Scripting in Cisco | cvebase