{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/divvydrive--4.8.2.9--4.8.3.2/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-6002"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["DivvyDrive (\u003e= 4.8.2.9, \u003c 4.8.3.2)"],"_cs_severities":["medium"],"_cs_tags":["xss","cve-2026-6002","web-application"],"_cs_type":"advisory","_cs_vendors":["DivvyDrive Information Technologies Inc."],"content_html":"\u003cp\u003eDivvyDrive versions 4.8.2.9 before 4.8.3.2 are vulnerable to cross-site scripting (XSS) due to improper neutralization of script-related HTML tags. This vulnerability, identified as CVE-2026-6002, can be exploited by an attacker to inject arbitrary JavaScript code into the context of a user\u0026rsquo;s browser session. Successful exploitation could lead to session hijacking, defacement of the web page, or redirection of the user to malicious websites. 
The vulnerability was reported by the Computer Emergency Response Team of the Republic of Turkey.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a URL to the DivvyDrive application in which a parameter value carries a script-related HTML tag (e.g., \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e), typically percent-encoded so it survives the request.\u003c/li\u003e\n\u003cli\u003eA victim who is logged in to DivvyDrive opens the URL, for example from a phishing message or from a page that redirects to it.\u003c/li\u003e\n\u003cli\u003eThe application reflects the parameter into its HTML response without neutralizing the tag, so the attacker\u0026rsquo;s script becomes part of the page markup.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s browser executes the injected script with the origin of the DivvyDrive site, because it arrived as part of a trusted response.\u003c/li\u003e\n\u003cli\u003eThe script exfiltrates the victim\u0026rsquo;s session cookies (possible only if they are not flagged \u003ccode\u003eHttpOnly\u003c/code\u003e) or other sensitive information, or simply issues authenticated requests from inside the victim\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe attacker replays stolen cookies to impersonate the victim and gain unauthorized access to the account.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies the victim\u0026rsquo;s data or performs actions on the victim\u0026rsquo;s behalf.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation can lead to account compromise, data theft, and defacement of the DivvyDrive application. An attacker who obtains session cookies can impersonate legitimate users and perform unauthorized actions; even without cookie access, injected script can drive the application from the victim\u0026rsquo;s browser. The severity depends on the privileges of the compromised user and on how much of the application the injected script can reach. 
The vulnerability affects versions 4.8.2.9 before 4.8.3.2 of DivvyDrive.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade DivvyDrive to version 4.8.3.2 or later to patch CVE-2026-6002.\u003c/li\u003e\n\u003cli\u003eTreat contextual output encoding, not input validation alone, as the primary XSS control: HTML-entity encode request data written into element content and attribute-encode data written into attributes, at every point where DivvyDrive or a custom integration renders request data.\u003c/li\u003e\n\u003cli\u003eEnsure session cookies are set with the \u003ccode\u003eHttpOnly\u003c/code\u003e and \u003ccode\u003eSecure\u003c/code\u003e attributes; this does not stop the injection itself, but it blocks the cookie-theft step of the chain above.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious URI containing script tag\u0026rdquo; to identify potential XSS attempts in web server logs, and confirm it also matches percent-encoded forms such as \u003ccode\u003e%3Cscript%3E\u003c/code\u003e, which is how the tag normally appears in access logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for request URIs containing script tags or other script-related markup, and invalidate the sessions of users whose authenticated requests match.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-07T13:16:13Z","date_published":"2026-05-07T13:16:13Z","id":"/briefs/2026-05-divvy-xss/","summary":"DivvyDrive versions 4.8.2.9 before 4.8.3.2 are susceptible to cross-site scripting (XSS) due to improper neutralization of script-related HTML tags, potentially allowing an attacker to inject malicious scripts.","title":"DivvyDrive Cross-Site Scripting (XSS) Vulnerability (CVE-2026-6002)","url":"https://feed.craftedsignal.io/briefs/2026-05-divvy-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — DivvyDrive (\u003e= 4.8.2.9, \u003c 4.8.3.2)","version":"https://jsonfeed.org/version/1.1"}
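The attack chain and the log-monitoring recommendation in the brief above, as an added example that is not part of the CraftedSignal feed or of DivvyDrive's own code: a reflected-XSS sink beside its encoded form, and a check over constructed access-log lines in the spirit of the "Detect Suspicious URI containing script tag" rule. The `/share?name=` endpoint, the log lines and the client addresses are assumptions made for illustration; the detector also handles percent-encoded and double-encoded tags and a few event-handler variants, which goes beyond the plain script-tag pattern the brief names.

```python
"""
Added example (not DivvyDrive or CraftedSignal code): a reflected-XSS sink
beside its hardened form, plus a detector for script-tag URIs in access logs.
Endpoint names, log lines and addresses below are constructed for illustration.
"""
import html
import re
from urllib.parse import parse_qs, unquote

# --- Attack-chain steps 1-4: a URL parameter reflected into HTML -----------

def render_unsafe(query_string: str) -> str:
    """Vulnerable: the 'name' parameter is concatenated into HTML without
    neutralising script-related tags, so <script> in the URL becomes
    <script> in the page (the behaviour the advisory describes)."""
    name = parse_qs(query_string).get("name", [""])[0]
    return f"<p>Shared by {name}</p>"

def render_safe(query_string: str) -> str:
    """Hardened: HTML-entity encode the value for the element-content
    context before embedding it; the browser then renders literal text."""
    name = parse_qs(query_string).get("name", [""])[0]
    return f"<p>Shared by {html.escape(name, quote=True)}</p>"

# --- Recommendation: hunting for script-tag URIs in web server logs --------

# A script tag, plus a few relatives attackers fall back on when <script>
# is filtered (the brief only names script tags; the rest is a generalisation).
_SUSPICIOUS = re.compile(
    r"<\s*/?\s*script\b"
    r"|javascript\s*:"
    r"|<\s*(?:img|svg|iframe|body)\b[^>]*\bon\w+\s*=",
    re.IGNORECASE,
)

def normalize_uri(uri: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (double encoding is a common evasion) and
    drop NUL/tab/newline characters that browsers ignore inside tags."""
    decoded = uri
    for _ in range(max_rounds):
        decoded_next = unquote(decoded)
        if decoded_next == decoded:
            break
        decoded = decoded_next
    return re.sub(r"[\x00\t\r\n]", "", decoded)

def is_suspicious_uri(uri: str) -> bool:
    """True when the decoded URI contains script-related markup."""
    return bool(_SUSPICIOUS.search(normalize_uri(uri)))

# Combined log format: client ident user [timestamp] "METHOD URI PROTO" status bytes
_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def flag_log_lines(lines):
    """Return (client, timestamp, uri) for each request whose URI looks like
    an XSS probe; lines that do not parse as combined log format are skipped."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        client, ts, _method, uri, _status = m.groups()
        if is_suspicious_uri(uri):
            hits.append((client, ts, uri))
    return hits

# Constructed sample log lines (not real DivvyDrive traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/May/2026:13:16:13 +0000] "GET /share?name=alice HTTP/1.1" 200 512',
    '203.0.113.9 - - [07/May/2026:13:16:14 +0000] "GET /share?name=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [07/May/2026:13:16:15 +0000] "GET /share?name=%253Cscript%253E HTTP/1.1" 200 600',
    '203.0.113.9 - - [07/May/2026:13:16:16 +0000] "GET /share?name=%3Cimg%20src=x%20onerror=alert(1)%3E HTTP/1.1" 200 600',
    '198.51.100.4 - - [07/May/2026:13:16:17 +0000] "GET /docs/scripting-guide.html HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    payload = "name=%3Cscript%3Ealert(document.cookie)%3C/script%3E"
    print("unsafe:", render_unsafe(payload))
    print("safe:  ", render_safe(payload))
    for hit in flag_log_lines(SAMPLE_LOG):
        print("XSS probe?", hit)
```

The third sample line is double-encoded (`%253C` decodes to `%3C`, then to `<`), which a single-pass decoder misses; the last line contains the substring "script" in a benign path and shows why the rule should key on the tag syntax rather than the bare word. A hit on an authenticated request is the point at which the affected session should be invalidated.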