Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Jan 28, 2026
Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server
CVE-2025-59898
Description
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/add_exclude_dir?sid=', affecting the 'exclude_dir' parameter.
Affected products
4- Range: =10.4.18
- Range: =10.4.18
- Flexense/Disk Pulse Enterprisev5Range: v10.4.18
- Flexense/Sync Breeze Enterprise Serverv5Range: v10.4.18
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.