Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities

cisco-sa-unity-vulns-n2EJSbbw · Medium · Published · Updated

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to conduct a cross-site scripting (XSS) attack, an open redirect attack, and an SQL injection attack. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2026-20059, CVE-2026-20060, CVE-2026-20061
Cisco Bug IDsCSCwq36822, CSCwq36828, CSCwq36796
CVSS ScoreBase 6.1
Base 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
Base 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
Base 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Unity Connection

Related Products

Product CVE Evidence
Cisco Unity Connection CVE-2026-20061 Cisco OpenVuln
Cisco Unity Connection CVE-2026-20060 Cisco OpenVuln
Cisco Unity Connection CVE-2026-20059 Cisco OpenVuln
Cisco Unity CVE-2026-20061 Cisco OpenVuln
Cisco Unity CVE-2026-20060 Cisco OpenVuln
Cisco Unity CVE-2026-20059 Cisco OpenVuln