—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Cross-Site Scripting Vulnerabilities in CISCO 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: MEDIUM

Systems Affected

Cisco Packaged CCE and Cisco Unified CCE

Overview

Multiple vulnerabilities have been reported in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

Target Audience: 

All IT administrators and individuals responsible for maintaining and updating in Software.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

These vulnerabilities exist due to the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface.

Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD

Vendor Information

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD

CVE Name

CVE-2026-20055

CVE-2025-20109

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAml0mFQACgkQ3jCgcSdc

ys/PlRAAordVZ0wtRIflaIZxREITN+z9rtK11ZxoDrp9DOBfM1w1yJIAYgnyggri

c0Aa0KUo/V6HStBPhoYKyPMjMeR7vuvnEp8yxgk8oRR5sxAOws0/MjNlcSlK45SW

MBgqSXmfS2+LTuE1ozeeGuWZY88nbnE8eikaaX95oecR6hVGBiNy5fNvE2SmJuL2

8d9wnYsOaqtR2VnODup1CtI19kI1gLK7PwE5MqTObQvQuXrLCKs7pnh5Ri4YJ8Ee

Ye4e/ymVDJuUDM+XMjpcn3gpnphKveJMmF2E+DQOtL9sOZnN5CrQTObZdxBKkIxd

Z4PMWiawgJBUXeluH4xrZWrwST4eEq6Iu1qpiQSqIpyd/t0dzdkzLsAlYwA7P5HZ

oPqlbfRqEETbw+ZkLz9/VWHg6cnZygxmOdWLvfiTgl9pYXymXws90+Oc5R/DVn/r

XRV+RXvKyiLD1883SYIqy2XCzTBzmiL3Nbp3HwV1FyPydC+2Nnfn8Y++2w89J/+h

VJWEX4f3FFhk/qC83eRg212yNPpbWYqkUPMgLWzuMjuQ8cwVhApDBdgIV4njhc73

ghSox0vWw8DmsY+NPYbA2RDF6N6RKnbEt/qa+6Mu3NvvLZyC8BAYkraQjmWb0D83

8xqEtY3ct20upg7kg+exfVadVzsB46GheGhD39J/xlUaGAd5fEA=

=rBse

—–END PGP SIGNATURE—–