Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability Allowing Browser-Based Attacks

Vulnerability

A vulnerability exists in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE), allowing authenticated, remote attackers with Agent role credentials to conduct browser-based attacks. This issue arises from insufficient validation of file contents during upload processes, enabling attackers to upload files containing malicious scripts or HTML. These files could be accessed by other users, potentially executing the embedded content in their browsers and facilitating browser-based attacks.
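What validating file contents at upload can look like, as an added example that is not Cisco's code or its fix: the upload is accepted only when its bytes agree with an allow-listed extension, and stored files are served with headers that keep the browser from rendering them. The allow-list, function names and sample files are assumptions made for illustration.

```python
import re

# Assumed allow-list: extension -> (leading magic bytes, Content-Type to serve).
ALLOWED = {
    "png": ((b"\x89PNG\r\n\x1a\n",), "image/png"),
    "jpg": ((b"\xff\xd8\xff",), "image/jpeg"),
    "gif": ((b"GIF87a", b"GIF89a"), "image/gif"),
    "pdf": ((b"%PDF-",), "application/pdf"),
    "txt": ((), "text/plain; charset=utf-8"),
}
# Tags a browser would render or execute if the bytes were treated as HTML.
MARKUP = re.compile(
    rb"<(?:!doctype|html|body|script|iframe|svg|img|object|embed"
    rb"|form|meta|link|style)\b",
    re.IGNORECASE,
)
# Constructed samples: HTML named as an image, and a genuine PNG signature.
SAMPLES = {
    "photo.png": b"<html><script>/* constructed */</script></html>",
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Accept a file only if its bytes agree with its allow-listed extension."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED:
        return False, "extension not on allow-list"
    magics = ALLOWED[ext][0]
    if magics:
        if data.startswith(magics):
            return True, "ok"
        return False, "content does not match extension"
    # Plain text has no signature: require valid UTF-8 and no HTML markup.
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False, "text file is not valid UTF-8"
    if MARKUP.search(data):
        return False, "HTML or script markup in text file"
    return True, "ok"


def download_headers(filename: str) -> dict[str, str]:
    """Headers that stop a browser rendering a stored file in the app's origin."""
    ext = filename.rsplit(".", 1)[-1].lower()
    return {"Content-Type": ALLOWED[ext][1],
            "Content-Disposition": "attachment",
            "X-Content-Type-Options": "nosniff"}
```

A file that passes the signature check can still carry markup after its header, which is why the serving headers matter as much as the upload check.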

Impact

Exploitation could lead to unauthorized execution of scripts or HTML in the context of the user's browser, allowing for various browser-based attacks.

Remediation

Users are advised to upgrade to Cisco ECE version 15.0(1)ES202603 or later. For versions 12 and earlier, migrate to a fixed release. Consult the Cisco Product Security Incident Response Team (PSIRT) for guidance on the upgrade process.

Added: May 6, 2026, 6:47 PM
Updated: May 6, 2026, 6:47 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 3.0
remediation: 7.7
relevance: 7.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.