Cisco Unified Contact Center Express
Moderate fix1 remedy
cpe:2.3:a:cisco:unified_ccx:*:*:*:*:*:*:*, +1 more
Moderate fix1 remedy
- < 15.0
- = 15.0
Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability
Vulnerability
Patched
A stored cross-site scripting vulnerability has been identified in the web-based management interface of Cisco Unified Contact Center Express (CCX). This vulnerability allows an authenticated, remote attacker to inject malicious scripts that are stored and executed on the affected system. The issue arises from improper input sanitization in the management interface. Exploitation requires valid administrative credentials.
Impact
Successful exploitation allows for stored cross-site scripting, where injected scripts are executed in the context of the user.
Remediation
Cisco has released software updates to address this vulnerability. Users are advised to consult the Cisco Security Advisories page for upgrade instructions. For specific release information, refer to the Fixed Software section of the advisory.
Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM
Vulnerability Rating
Custom Algorithm
spread
2.6impact
1.7exploitability
4.1remediation
7.7relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.