Flexense: Security Vulnerabilities
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-05
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-12-05
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-05
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-05-24
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-05-24
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-05-24
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-05-24
A buffer overflow in the web server of Flexense DupScout Enterprise 10.0.18 allows a remote anonymous attacker to execute code as SYSTEM by overflowing the sid parameter via a GET /settings&sid= attack.
CVSS Score
9.8
EPSS Score
0.034
Published
2020-12-09
Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-05-02
An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7).
CVSS Score
6.1
EPSS Score
0.002
Published
2018-05-02
Page 1