CVE-2026-20059
Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability
CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
| CWE | CWE-79 |
| Vendor | cisco |
| Product | cisco unity connection |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | Apr 15, 2026 |
| Last Updated | Apr 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for cisco cisco unity connection
Be the first to know when new medium vulnerabilities affecting cisco cisco unity connection are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Cisco / Cisco Unity Connection
14 14SU1 14SU2 14SU3 14SU3a 15 15SU1 14SU4 15SU2 15SU3 14SU5 15SU4