Skip to main content

Diskpulse CVE-2018-10564

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-05-02 cve@mitre.org
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 02, 2018 - 21:29 nvd
MEDIUM 6.1

DescriptionNVD

XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7.

AnalysisAI

XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. Affected products include: Flexense Diskpulse.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2020-36927 HIGH POC
7.8 Jan 16

Diskpulse versions up to 13.6.14 contains a vulnerability that allows attackers to potentially execute arbitrary code (C

CVE-2025-59894 HIGH
8.0 Jan 28

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.

CVE-2025-59893 HIGH
8.0 Jan 28

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.

CVE-2025-59892 HIGH
8.0 Jan 28

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.

CVE-2025-59891 HIGH
8.0 Jan 28

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.

CVE-2025-59895 HIGH
7.5 Jan 28

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulne

CVE-2025-59900 MEDIUM
5.4 Jan 28

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site

CVE-2025-59899 MEDIUM
5.4 Jan 28

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site

CVE-2025-59898 MEDIUM
5.4 Jan 28

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site

CVE-2025-59897 MEDIUM
5.4 Jan 28

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site

CVE-2025-59896 MEDIUM
5.4 Jan 28

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site

Share

CVE-2018-10564 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy