Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Jan 28, 2026
Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server
CVE-2025-59897
Description
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/edit_command?sid=', affecting the 'source_dir' and ‘dest_dir’ parameters.
Affected products
4- Range: = 10.4.18
- Range: = 10.4.18
- Flexense/Disk Pulse Enterprisev5Range: v10.4.18
- Flexense/Sync Breeze Enterprise Serverv5Range: v10.4.18
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.