Flexense Sync Breeze Enterprise Server and Disk Pulse Enterprise Persistent Authenticated Cross-Site Scripting Vulnerability

Vulnerability

A persistent authenticated Cross-Site Scripting (XSS) vulnerability has been identified in Flexense Sync Breeze Enterprise Server and Disk Pulse Enterprise, both version 10.4.18. This vulnerability allows an attacker to send malicious content to an authenticated user, potentially stealing information from their session. The issue arises from inadequate validation of user input in the '/add_exclude_dir?sid=' endpoint, specifically affecting the 'exclude_dir' parameter.

Impact

Exploitation of this vulnerability allows for persistent authenticated Cross-Site Scripting, where injected malicious scripts are executed in the context of the user's session.

Added: Jan 28, 2026, 12:27 PM

Updated: Jan 28, 2026, 12:27 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

4.6

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

4.6

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Flexense Sync Breeze Enterprise Server and Disk Pulse Enterprise Persistent Authenticated Cross-Site Scripting Vulnerability

Vulnerability

Impact

Affected Products

Flexense Disk Pulse Enterprise

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating