CVE-2026-20109

Name of the Vulnerable Software and Affected Versions Cisco Unified Contact Center Enterprise and Cisco Packaged Contact Center Enterprise (affected versions not specified)

Description The software contains insufficient protection of web page structure. Successful exploitation could allow a remote attacker to conduct cross-site scripting (XSS) attacks. The issue is due to improper validation of user-supplied input within the web-based management interface. An attacker could inject malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code or access sensitive, browser-based information. The attacker must have valid administrative credentials to exploit these issues.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.