CVE-2026-5220
MediumCVSS 6.4Summary
A stored cross-site scripting (XSS) vulnerability has been found in DivvyDrive by DivvyDrive Information Technologies Inc., due to improper input neutralization during web page generation. The issue affects versions from 4.8.2.23 up to 4.8.3.0.
Risk Assessment
An attacker can inject a malicious script that executes in other users' browsers, potentially leading to session hijacking, account takeover, or data leakage.
Recommendation
Immediately upgrade DivvyDrive to version 4.8.3.1 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.23 before v.4.8.3.1.

