PT-2026-5107 · Unknown · Sync Breeze Enterprise Server+1
Rafael Pedrero
·
Published
2026-01-28
·
Updated
2026-01-28
·
CVE-2025-59899
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Sync Breeze Enterprise Server versions 10.4.18
Disk Pulse Enterprise versions 10.4.18
Description
Sync Breeze Enterprise Server version 10.4.18 and Disk Pulse Enterprise version 10.4.18 are affected by a persistent authenticated Cross-Site Scripting (XSS) issue. An attacker could potentially send malicious content to an authenticated user and compromise their session due to inadequate validation of user input. The issue is present in the following API endpoint and parameters: '/server options?sid=', with vulnerable parameters including
tasks logs dir, errors logs dir, error notifications address, status notifications address, and status reports address.Recommendations
Update Sync Breeze Enterprise to a version newer than 10.4.18.
Update Disk Pulse Enterprise to a version newer than 10.4.18.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Diskpulse Enterprise
Sync Breeze Enterprise Server