CVE-2025-59898
Vulnerability Description
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/add_exclude_dir?sid=', affecting the 'exclude_dir' parameter.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-79
Source
NVD
Vendor
Flexense
Product
Sync Breeze Enterprise Server, Disk Pulse Enterprise
Discussion (0)
Add Comment
No comments yet. Be the first!