CVE-2026-20116

Name of the Vulnerable Software and Affected Versions Cisco Finesse Cisco Packaged Contact Center Enterprise (Packaged CCE) Cisco Unified Contact Center Enterprise (Unified CCE) Cisco Unified Contact Center Express (Unified CCX) Cisco Unified Intelligence Center (affected versions not specified)

Description A flaw exists in the web-based management interface of the listed Cisco products. This issue could allow a remote, unauthenticated attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The root cause is insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this by injecting malicious code into specific pages of the interface. Successful exploitation may allow the attacker to execute arbitrary script code within the context of the affected interface or gain access to sensitive information accessible through the browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.