CVE-2025-59900

Medium CVSS: 5.1

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/server_options?sid=', affecting the 'tasks_logs_dir', 'errors_logs_dir', 'error_notifications_address', 'status_notifications_address', and 'status_reports_address' parameters.

Vendor

Flexense

Product

Diskpulse

CWE

CWE-79

Yayın Tarihi

2026-01-28 12:15:51

Güncelleme

2026-02-10 21:03:51

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-79 Diskpulse MEDIUM Flexense 2026

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-products

Benzer Kayıtlar

High

CVE-2020-37100

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute ar…

High

CVE-2025-59895

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulne…

Medium

CVE-2025-59896

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site…

Medium

CVE-2025-59897

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site…

Medium

CVE-2025-59898

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site…

Medium

CVE-2025-59899

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site…