CVE-2026-6002
Improper Input Validation in DivvyDrive Leads to XSS
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| divvydrive_information_technologies_inc | divvydrive | From 4.8.2.9 (inc) to 4.8.3.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Scripting (XSS) issue in DivvyDrive software versions from 4.8.2.9 before 4.8.3.2. It occurs because the application does not properly neutralize script-related HTML tags in web pages, allowing attackers to inject malicious scripts.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to severe impacts including unauthorized execution of scripts in the context of the user's browser. This can result in theft of sensitive information, session hijacking, modification of web content, and potentially full compromise of user accounts and data.