CVE-2025-59896

Name of the Vulnerable Software and Affected Versions Sync Breeze Enterprise Server versions 10.4.18 Disk Pulse Enterprise versions 10.4.18

Description Sync Breeze Enterprise Server and Disk Pulse Enterprise are affected by a persistent authenticated Cross-Site Scripting (XSS) issue. An attacker can potentially send malicious content to an authenticated user, potentially gaining access to session information. This is due to inadequate validation of user-supplied data. The vulnerability is present in the /add command?sid= API endpoint, specifically affecting the command name parameter.

Recommendations Update Sync Breeze Enterprise to a version beyond 10.4.18. Update Disk Pulse Enterprise to a version beyond 10.4.18.