Cisco Unified Contact Center Express Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack or execute arbitrary code on an affected device. To exploit these vulnerabilities, the attacker must have valid administrative credentials.<br><br>
For more information about these vulnerabilities, see the <a href=”https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL?vs_f=Cisco Security Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco Unified Contact Center Express Vulnerabilities%26vs_k=1#details”>Details</a> section of this advisory.<br><br>
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.<br><br>
This advisory is available at the following link:<br><a href=”https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL”>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL</a><br><br>

<br/>Security Impact Rating: Medium

<br/>CVE: CVE-2025-20276,CVE-2025-20277,CVE-2025-20279Cisco Security AdvisoryRead More