Just to close the loop on the cross-frame scripting. I opened a case with PSIRT with simple iframe code showing the vulnerability and they pointed us towards an update to ES04. It resolved the issue in the version we are running.

Any thoughts on that Cross-Frame Scripting vulnerability on that same server? Cisco Unified CCX AdministrationSystem version: 12.0.1.10000-24 That version is a supported version isn't it? For various reasons we are stuck at this build for a few month...