CVE-2026-20170
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk13th percentile - higher than 13% of all known CVEs
Summary
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center allowed an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks. The issue was due to improper handling of HTML and script content. Cisco has addressed this vulnerability in the service, requiring no customer action.
Risk Assessment
An attacker could trick a user into clicking a malicious link, potentially stealing sensitive information from the browser, including authentication and session data. This poses a significant risk to organizational data security.
Recommendation
No customer action is required as Cisco has automatically patched the vulnerability in the Cisco Webex Contact Center service. However, it is recommended to monitor Cisco security advisories.
Original NVD description (English source)
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This vulnerability existed because HTML and script content was not properly handled. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to steal sensitive information from the browser, including authentication and session information.

