CVE-2026-20059

Published Apr 15, 2026

Last updated 3 days ago

CVSS medium 6.1

Overview

Description: A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Source: psirt@cisco.com
NVD status: Analyzed
Products: unity_connection

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

psirt@cisco.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6DAF417F-F480-4A4D-845B-8338776FF253",
            "versionEndIncluding": "12.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:14.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "A85D56C0-D4A3-43A7-9CD1-FCEB6C8AEF66",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:14su1:*:*:*:*:*:*:*",
            "matchCriteriaId": "774C01A1-9328-45E8-9BDD-470A10BC3C2A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:14su2:*:*:*:*:*:*:*",
            "matchCriteriaId": "CD8AB4B5-12C2-4F02-A4C3-4B8C06AFFD53",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:14su3:*:*:*:*:*:*:*",
            "matchCriteriaId": "181866CE-6279-4422-8EF8-7A12DB5B21F6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:14su3a:*:*:*:*:*:*:*",
            "matchCriteriaId": "7B70BACC-B771-4049-8A55-3B277913DEEF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:14su4:*:*:*:*:*:*:*",
            "matchCriteriaId": "D09F3655-B513-48F6-82A8-F0F946C52D25",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:14su5:*:*:*:*:*:*:*",
            "matchCriteriaId": "E51AF0FF-016D-4F20-8F88-0E70D18C375C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:15.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "97CC6719-1A7F-48BA-8014-802E235ED80D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:15su1:*:*:*:*:*:*:*",
            "matchCriteriaId": "2C9412EC-282C-4926-83F8-932E24E0FC22",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:15su2:*:*:*:*:*:*:*",
            "matchCriteriaId": "37EFE547-7D3C-4D71-8D46-2C5734B9D64B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:15su3:*:*:*:*:*:*:*",
            "matchCriteriaId": "CE6AF25B-E6F9-4E15-902D-4516DFE8C8E2",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References