PT-2026-5106 · Unknown · Sync Breeze Enterprise Server+1
Rafael Pedrero
·
Publicado
2026-01-28
·
Atualizado
2026-01-28
·
CVE-2025-59898
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Sync Breeze Enterprise Server versions 10.4.18
Disk Pulse Enterprise versions 10.4.18
Description
Sync Breeze Enterprise Server and Disk Pulse Enterprise are affected by a persistent authenticated Cross-Site Scripting (XSS) issue. An attacker can potentially send malicious content to an authenticated user, potentially gaining access to session information. This is due to inadequate validation of user input. The vulnerability is present in the
/add exclude dir?sid= API endpoint, specifically affecting the exclude dir parameter.Recommendations
Update Sync Breeze Enterprise Server to a newer version.
Update Disk Pulse Enterprise to a newer version.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Diskpulse Enterprise
Sync Breeze Enterprise Server