CVE-2025-20279

MEDIUM

Cisco Unified Contact Center Express - Authenticated Stored Cross-Site Scripting

Description

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system.

Scores

CVSS v3 4.8
EPSS 0.0014
EPSS Percentile 33.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (50)
cisco/unified_contact_center_express 8.5\(1\)
cisco/unified_contact_center_express 9.0\(2\)su3es04
cisco/unified_contact_center_express 10.0\(1\)su1
cisco/unified_contact_center_express 10.0\(1\)su1es04
cisco/unified_contact_center_express 10.5\(1\)
cisco/unified_contact_center_express 10.5\(1\)su1
cisco/unified_contact_center_express 10.5\(1\)su1es10
cisco/unified_contact_center_express 10.6\(1\)
cisco/unified_contact_center_express 10.6\(1\)su1
cisco/unified_contact_center_express 10.6\(1\)su2
... and 40 more
Published Jun 04, 2025
Tracked Since Feb 18, 2026