CVE-2026-20170

Name of the Vulnerable Software and Affected Versions Cisco Webex Contact Center (affected versions not specified)

Description An issue in the Desktop Agent functionality allows an unauthenticated remote attacker to perform cross-site scripting (XSS), which is a technique where malicious scripts are injected into trusted websites. This occurs because HTML and script content are not properly handled. An attacker could exploit this by persuading a user to click a malicious link, potentially leading to the theft of sensitive browser data, such as authentication and session information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.