2026-01-28 12:01:30
INCIBE
PUBLISHED
Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the /monitor_directory?sid= endpoint, caused by insufficient validation of the monitor_directory parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user and steal information from their session.