High severityNVD Advisory· Published Jan 28, 2026· Updated Apr 15, 2026
CVE-2025-59901
CVE-2025-59901
Description
Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user and steal information from their session.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 10.4.18
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.