PT-2026-5109 · Unknown · Diskpulse Enterprise
Rafael Pedrero · Published 2026-01-28 · Updated 2026-01-28 · CVE-2025-59901
CVSS v4.0: 8.5 (High)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Disk Pulse Enterprise version 10.4.18
Description
Disk Pulse Enterprise version 10.4.18 contains an authenticated reflected cross-site scripting (XSS) issue in the /monitor directory?sid= endpoint. This is due to inadequate validation of the monitor directory parameter received via a POST request. An attacker could leverage this to deliver malicious content to an authenticated user, potentially gaining access to their session information.
Recommendations
Apply sufficient validation to the monitor directory parameter sent by POST requests to the /monitor directory?sid= endpoint.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Diskpulse Enterprise
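The recommendation above, sketched as an added example (not code from the advisory or from the product): server-side validation of a directory parameter taken from a POST body, followed by HTML encoding wherever the value is reflected. The function names, the form field name "directory", the Windows absolute-path assumption and the markup template are all hypothetical.

```python
import html
import re

# Assumption: the monitored directory is an absolute Windows path (drive or UNC).
# < > " | ? * and control characters are never valid in Windows path components,
# so a strict path grammar already rejects most markup.
_FORBIDDEN = re.compile(r'[<>"|?*\x00-\x1f]')
_DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')
_UNC_PATH = re.compile(r'^\\\\[^\\]+\\[^\\]+')
MAX_LEN = 260  # classic MAX_PATH, chosen as the limit for this example


def validate_directory(value):
    """Return the path unchanged if it is a plausible Windows directory, else raise."""
    if not value or len(value) > MAX_LEN:
        raise ValueError("directory is empty or too long")
    if _FORBIDDEN.search(value):
        raise ValueError("directory contains characters not valid in a path")
    if not (_DRIVE_PATH.match(value) or _UNC_PATH.match(value)):
        raise ValueError("directory is not an absolute drive or UNC path")
    # A colon is only legal as part of the drive prefix.
    if ":" in value[2:]:
        raise ValueError("unexpected ':' in path")
    return value


def render_result(raw_value):
    """Hypothetical handler body: validate first, encode on every reflection."""
    try:
        directory = validate_directory(raw_value)
    except ValueError as exc:
        # The rejected value is never echoed back; only a fixed message is shown.
        return 400, "<p>Invalid directory: %s</p>" % html.escape(str(exc))
    # ' and & are legal in Windows paths, so validation alone is not enough:
    # the value is HTML-encoded (quotes included) wherever it is written into markup.
    safe = html.escape(directory, quote=True)
    return 200, '<input name="directory" value="%s"><p>Monitoring %s</p>' % (safe, safe)


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate path, one carrying markup.
    for sample in (r"C:\Data\Tom & Jerry's", 'C:\\share"><b>x</b>'):
        print(render_result(sample))
```

Validation and encoding are both needed here: the path grammar blocks angle brackets and double quotes, while the encoder covers the apostrophe and ampersand that a legitimate directory name may contain.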