CVE Catalog

CVE-2026-5220

MediumCVSS 6.4
Published: Updated: Translated: NVD NIST

Summary

A stored cross-site scripting (XSS) vulnerability has been found in DivvyDrive by DivvyDrive Information Technologies Inc., due to improper input neutralization during web page generation. The issue affects versions from 4.8.2.23 up to 4.8.3.0.

Risk Assessment

An attacker can inject a malicious script that executes in other users' browsers, potentially leading to session hijacking, account takeover, or data leakage.

Recommendation

Immediately upgrade DivvyDrive to version 4.8.3.1 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.23 before v.4.8.3.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS