Security Advisory

CVE-2025-59901

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-28 12:01:30

Last updated 2026-01-28 15:16:54

Assigner INCIBE

State PUBLISHED

Description

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the /monitor_directory?sid= endpoint, caused by insufficient validation of the monitor_directory parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user and steal information from their session.

← Browse all CVEs View on cve.org ↗