—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Cross-Site Scripting Vulnerability in CISCO

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: MEDIUM

Systems Affected

Cisco Unified Intelligence Center and Cisco Finesse

Packaged CCE

Unified CCE

Unified CCX

Overview

Multiple vulnerabilities have been reported in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

Target Audience: 

All IT administrators and individuals responsible for maintaining and updating in Software.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

These vulnerabilities exist due to the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface.

Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh

Vendor Information

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh

CVE Name

CVE-2026-20116

CVE-2026-20117

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmy0DkACgkQ3jCgcSdc

ys//EBAAn3KS2rHCspk6xQ6i+AlloI3Wag3+rezITsOzrZjO2jG3jtk1fpNhfU/X

gq+DMpsZdqcOYkAIKxvZQoimeerps2oJY7uLWus4jjY05bdQxFRaZLtC+cAjQ3z8

o8VyUoWdqjhmerFxIbQAtiXgzI+O+zQs70FXMl4RiavTnqvuZVe9r0HdmT/Z8fNF

xymianP9Lnccb1k/44tK8RnmImUWlrHisusoAjyHL156EnlhURkBjW0EK+tDx2Ic

WyVSUNyFSHbjlVe+J3VYLb2DVnea14biSXhWmwjRM9KEbY83Nll+FBIgFl0IfMDH

33bq0duqrhHZOBsx0c6lwtXxoN6r0Z7DQdijVFdYe3JQKu0l3HfIEa8Icw9m6hU9

hVnZDU7L0C29nxyOxwI+uLyua6YRCMTWpC30tJqBp9bZySQSjyUgJKA57J4IPB1v

otwHR3D8MUr3AU0dzdLzaQz37SI8uSL0eVAYe/J5zWKg4vWKgDP8ZYZXec/ld0j3

ZkXv9rygPn4Nt3urQXy7RwjnqUgE5hhhSV5V7eUfhtwcne5RVynm7V0uaqxb9WpG

D3CS6puI7zCB6G1FR31ihFZoIJoZdkERnHKJ0KJCuf0yRLokNYvwilDlZO7KoaJV

jEUmG1/Yyyl8ubfCU+7AfauR1xJ8IEQ74KOpbuJOizJ2fBCM7JU=

=+sDF

—–END PGP SIGNATURE—–