Flexense Disk Pulse Enterprise Authenticated Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Disk Pulse Enterprise version 10.4.18. This vulnerability exists in the '/monitor_directory?sid=' endpoint and is caused by inadequate validation of the 'monitor_directory' parameter in POST requests. An authenticated attacker could exploit this vulnerability to inject malicious content, potentially leading to the theft of session information from the user.

Impact

Exploitation of this vulnerability allows for authenticated reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's session.

Added: Jan 28, 2026, 12:26 PM

Updated: Jan 28, 2026, 12:26 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

5.8

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

5.8

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Flexense Disk Pulse Enterprise Authenticated Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Affected Products

Flexense Disk Pulse Enterprise

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating