cbcvebase.
CVE-2025-59901
published 2026-01-28

CVE-2025-59901: Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of…

PriorityP340high8.5CVSS 4.0
AVNACLATNPRLUIAVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.19%
8.8th percentile
Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user and steal information from their session.

Affected

2 ranges
VendorProductVersion rangeFixed in
flexensedisk_pulse_enterprise
flexensesync_breeze_enterprise_server
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.