CSRF in Flexense Disk Pulse Enterprise

CVE-2025-59901

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.002 (8.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References