Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities exist because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabil…
- Scope: CVE-2026-20116: At the time of publication, this vulnerability affected Cisco Unified Intelligence Center and Cisco Finesse, regardless of device configuration.
- 12.6 and earlier — Migrate to a fixed release
- Release 15.0 (first fixed: 15.0(1)ES202511)
- 12.6 and earlier — Migrate to a fixed release
- Release 15.0 (first fixed: 15.0(1)ES202511)
- 12.5 SU3 and earlier — Migrate to a fixed release
- Release 15.0 (first fixed: 15.0 ES02 (Mar 2026))
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 15.0(1)ES202511
- 15.0 ES02 (Mar 2026)
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 12.6 and earlier: migrate to a fixed release.
- Release 15.0: upgrade to 15.0(1)ES202511.
- Release 12.6 and earlier: migrate to a fixed release.
- Release 15.0: upgrade to 15.0(1)ES202511.
- Release 12.5 SU3 and earlier: migrate to a fixed release.
- Release 15.0: upgrade to 15.0 ES02 (Mar 2026).
- There are no workarounds that address these vulnerabilities.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.