Medium4.8Cisco Updated
Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities
cisco-sa-ucce-pcce-xss-2JVyg3uD Published Jun 22, 2026Updated by vendor Jun 22, 2026
CVE-2026-20055CVE-2026-20109
Affected products & platforms
CiscoUnified Communications
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
Affected versions
- Scope: At the time of publication, these vulnerabilities affected Cisco Packaged CCE and Cisco Unified CCE, regardless of device configuration.
- Earlier than 12.6 — Migrate to a fixed release
- 12.6 — 12.6(2)_ES101 / Migrate to a fixed release
- Release 15.0 (first fixed: 15.0(1)ES202511)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 15.0(1)ES202511
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Earlier than 12.6: migrate to a fixed release.
- Release 12.6: 12.6(2)_ES101 / Migrate to a fixed release.
- Release 15.0: upgrade to 15.0(1)ES202511.
Temporary workarounds
- There are no workarounds that address these vulnerabilities.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.