CVE-2025-59901
Vulnerability Description
Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user and steal information from their session.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-352
Source
NVD
Vendor
Flexense
Product
Sync Breeze Enterprise Server, Disk Pulse Enterprise
Discussion (0)
Add Comment
No comments yet. Be the first!