PT-2026-5109 · Unknown · Diskpulse Enterprise
Rafael Pedrero · Published 2026-01-28 · Updated 2026-01-28
CVE-2025-59901
CVSS v4.0: 8.5 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Disk Pulse Enterprise version 10.4.18
Description
Disk Pulse Enterprise version 10.4.18 contains an authenticated reflected cross-site scripting (XSS) issue in the /monitor directory?sid= endpoint. This is due to inadequate validation of the monitor directory parameter received via a POST request. An attacker could leverage this to deliver malicious content to an authenticated user, potentially gaining access to their session information.
Recommendations
Apply sufficient validation to the monitor directory parameter sent by POST requests to the /monitor directory?sid= endpoint.
Fix
CSRF
Affected Products
Diskpulse Enterprise