Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Jan 28, 2026
Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server
CVE-2025-59899
Description
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/server_options?sid=', affecting the 'tasks_logs_dir', 'errors_logs_dir', 'error_notifications_address', 'status_notifications_address', and 'status_reports_address' parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <=10.4.18
<=10.4.18+ 1 more
- (no CPE)range: <=10.4.18
- (no CPE)range: v10.4.18
- Flexense/Sync Breeze Enterprise Serverv5Range: v10.4.18
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.