CVE-2025-20310 – Cisco Enterprise Chat and Email (ECE) Stored Cross-Site Scripting Vulnerability

July 2, 2025

CVE ID : CVE-2025-20310

Published : July 2, 2025, 4:15 p.m. | 3 hours, 27 minutes ago

Description : A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.

This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53359 – Ethereum Crate Signature Malleability Vulnerability

Next Article CVE-2025-52886 – Poppler PDF Rendering Library Use-After-Free Vulnerability

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

The impact of gray work on software development

CSS Intelligence: Speculating On The Future Of A Smarter Language

Your Roku has secret menus and screens – here’s how to unlock them

Add Paramount+, STARZ, and more to your Prime Video account for $0.99 a month – here’s how

My new favorite keychain accessory gives me 2TB of SSD storage instantly

HP’s latest OmniBook finally sold me on the 2-in-1 form factor (and it’s on sale)

Simplifying Stream Handling with Laravel’s resource Method

Simplifying Stream Handling with Laravel’s resource Method

Intelligent Parsing and Formatting of Names in PHP Applications

This Week in Laravel: Cursor Rules, Nightwatch Review, and Race Conditions

Microsoft confirms Windows 11 KB5060829 issues, but you can safely ignore it

Microsoft confirms Windows 11 KB5060829 issues, but you can safely ignore it

Hash Calculator – calculates around 50 cryptographic hashes of strings and files

Rilasciato Thunderbird 140 ESR: Un’attenzione alle esigenze aziendali

CVE-2025-20310 – Cisco Enterprise Chat and Email (ECE) Stored Cross-Site Scripting Vulnerability

213% Increase in Ransomware Attacks Targeting Organizations With First Quarter of 2025

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)

Microsoft April 2025 Patch Tuesday: Fixes for 134 security vulnerabilities, one exploited Zero-Day

How the Change to TLS Certificate Lifetimes Will Affect Sitecore Projects (and How to Prepare)

CVE-2025-48934 – Deno Deny Env Variable Information Disclosure

CISA Adds Qualcomm Vulnerabilities to KEV Catalog

How VideoAmp uses Amazon Bedrock to power their media analytics interface

OpenBMB Releases MiniCPM4: Ultra-Efficient Language Models for Edge Devices with Sparse Attention and Fast Inference

CVE-2025-48467 – Apache HTTP Server Remote Reboot DoS Vulnerability

Salesforce AI Releases BLIP3-o: A Fully Open-Source Unified Multimodal Model Built with CLIP Embeddings and Flow Matching for Image Understanding and Generation

CVE-2025-20310 – Cisco Enterprise Chat and Email (ECE) Stored Cross-Site Scripting Vulnerability

Related Posts