Cross-Site Scripting Vulnerability in DivvyDrive by DivvyDrive Information Technologies Inc.
CVE-2026-6002

8.8HIGH

Key Information:

Vendor: Divvydrive Information Technologies Inc.
Status: Divvydrive
Vendor: CVE Published:; 7 May 2026

🔔 Create Divvydrive Information Technologies Inc. Vulnerability Alert

What is CVE-2026-6002?

A Cross-Site Scripting (XSS) vulnerability exists in DivvyDrive, allowing attackers to inject malicious scripts into web pages viewed by users. This flaw arises from improper handling of script-related HTML tags, which could lead to unauthorized data access or theft from users' sessions. The affected versions range from 4.8.2.9 and prior to 4.8.3.2, emphasizing the need for prompt updates to ensure web application security.

Affected Version(s)

DivvyDrive 4.8.2.9 < 4.8.3.2

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/...

government-resource

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Apr 9, 2026

Credit

Alperen KESKİN

CVE-2026-6002 Data

JSON