6.1
/ 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Description
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Basic Information
ID
CVE-2026-20059
Source
cisco
Published
Apr 15, 2026 at 16:11
Modified
Apr 15, 2026 at 16:56
Affected Product
Vendor
Cisco
Product
Cisco Unity Connection
Version
14
Affected Versions
Cisco Cisco Unity Connection 14
Cisco Cisco Unity Connection 14SU1
Cisco Cisco Unity Connection 14SU2
Cisco Cisco Unity Connection 14SU3
Cisco Cisco Unity Connection 14SU3a
Cisco Cisco Unity Connection 15
Cisco Cisco Unity Connection 15SU1
Cisco Cisco Unity Connection 14SU4
Cisco Cisco Unity Connection 15SU2
Cisco Cisco Unity Connection 15SU3
Cisco Cisco Unity Connection 14SU5
Cisco Cisco Unity Connection 15SU4
Cisco Cisco Unity Connection 14SU1
Cisco Cisco Unity Connection 14SU2
Cisco Cisco Unity Connection 14SU3
Cisco Cisco Unity Connection 14SU3a
Cisco Cisco Unity Connection 15
Cisco Cisco Unity Connection 15SU1
Cisco Cisco Unity Connection 14SU4
Cisco Cisco Unity Connection 15SU2
Cisco Cisco Unity Connection 15SU3
Cisco Cisco Unity Connection 14SU5
Cisco Cisco Unity Connection 15SU4