HIGHCVE-2026-6002Published 2026-05-07Modified 2026-05-07CNA TR-CERT

CVE-2026-6002: HTML Injection in DivvyDrive Information Technologies' DivvyDrive

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS). This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: 4.8.3.2
Affected Products: 1

Fix available

4.8.3.2

Affected packages

DivvyDrive Information Technologies Inc. / DivvyDrive
< 4.8.3.2 (from 4.8.2.9)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

siberguvenlik.gov.tr

Metrics

Fix available