CVE-2026-6283
MediumCVSS 5.4Summary
A stored cross-site scripting (XSS) vulnerability has been found in DivvyDrive by DivvyDrive Information Technologies Inc. The flaw is caused by improper input neutralization during web page generation, allowing injection of malicious scripts.
Risk Assessment
An attacker can hijack user sessions, steal data, or perform other malicious actions in the victim's browser context. The risk is especially high in multi-user environments sharing the same application instance.
Recommendation
Immediately upgrade DivvyDrive to version 4.8.3.1 or later, which includes a fix for this vulnerability. Before upgrading, consider restricting access to trusted users only.
Original NVD description (English source)
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from v.4.8.2.23 before v.4.8.3.1.

