CNNVD-202601-4779 Information
CNNVD ID
CNNVD-202601-4779
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Flexense Sync Breeze Enterprise Server和Flexense Disk Pulse Enterprise都是Flexense公司的产品。Flexense Sync Breeze Enterprise Server是一个网络文件同步软件。Flexense Disk Pulse Enterprise是一个实时文件系统监控软件。 Flexense Sync Breeze Enterprise Server 10.4.18版本和Flexense Disk Pulse Enterprise 10.4.18版本存在跨站脚本漏洞,该漏洞源于对add_command端点中command_name参数的用户输入验证不足,可能导致存储型跨站脚本攻击。
Description (English)
Flexense Sync Breeze Enterprise Server and Flexense Disk Pulse Enterprise are all Flexense products. Flexense Sync Breeze Enterprise Server is a web file sync software. Flexense Disk Pulse Enterprise is a real-time file system monitoring software. There is a cross-site script loophole in version 10.4.18 of Flexense Sync Breeze Enterprise Server and version 10.4.18 of Flexense Disk Pulse Enterprise, which results from insufficient user input verification of the comand name parameters in the add committee endpoint, which may result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Flexense
Published
2026-01-28
Last Modified
2026-02-24
References
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-products
Share on: