Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Jan 28, 2026
Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server
CVE-2025-59899
Description
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/server_options?sid=', affecting the 'tasks_logs_dir', 'errors_logs_dir', 'error_notifications_address', 'status_notifications_address', and 'status_reports_address' parameters.
Affected products
4- Range: <=10.4.18
- Range: <=10.4.18
- Flexense/Disk Pulse Enterprisev5Range: v10.4.18
- Flexense/Sync Breeze Enterprise Serverv5Range: v10.4.18
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.