PT-2026-5106 · Unknown · Sync Breeze Enterprise Server+1

Rafael Pedrero

Published

2026-01-28

Updated

2026-01-28

CVE-2025-59898

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Sync Breeze Enterprise Server versions 10.4.18 Disk Pulse Enterprise versions 10.4.18

Description Sync Breeze Enterprise Server and Disk Pulse Enterprise are affected by a persistent authenticated Cross-Site Scripting (XSS) issue. An attacker can potentially send malicious content to an authenticated user, potentially gaining access to session information. This is due to inadequate validation of user input. The vulnerability is present in the /add exclude dir?sid= API endpoint, specifically affecting the exclude dir parameter.

Recommendations Update Sync Breeze Enterprise Server to a newer version. Update Disk Pulse Enterprise to a newer version.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-59898

Affected Products

Diskpulse Enterprise

Sync Breeze Enterprise Server

PT-2026-5106 · Unknown · Sync Breeze Enterprise Server+1

CVE-2025-59898

Weakness Enumeration

Related Identifiers

Affected Products

References · 6