CVE-2025-59897

Medium CVSS: 5.1

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/edit_command?sid=', affecting the 'source_dir' and ‘dest_dir’ parameters.

Vendor

Flexense

Product

Diskpulse

CWE

CWE-79

Yayın Tarihi

2026-01-28 12:15:51

Güncelleme

2026-02-10 21:04:35

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-79 Diskpulse MEDIUM Flexense 2026

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-products

Benzer Kayıtlar

High

CVE-2020-37100

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute ar…

High

CVE-2025-59895

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulne…

Medium

CVE-2025-59896

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site…

Medium

CVE-2025-59898

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site…

Medium

CVE-2025-59899

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site…

Medium

CVE-2025-59900

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site…