{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/divvydrive-information-technologies-inc./","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-5784"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["DivvyDrive (4.8.2.9 \u003c 4.8.3.2)"],"_cs_severities":["medium"],"_cs_tags":["xss","stored-xss","web-application"],"_cs_type":"advisory","_cs_vendors":["DivvyDrive Information Technologies Inc."],"content_html":"\u003cp\u003eDivvyDrive, a product of DivvyDrive Information Technologies Inc., is vulnerable to a stored cross-site scripting (XSS) vulnerability. This flaw, identified as CVE-2026-5784, arises from the improper neutralization of input during web page generation. Specifically, DivvyDrive versions from 4.8.2.9 before 4.8.3.2 are affected. An attacker can inject malicious scripts into the application, which are then stored and executed when other users interact with the affected content. This can lead to session hijacking, defacement, or redirection to malicious sites. The vulnerability was reported by the Computer Emergency Response Team of the Republic of Turkey.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an input field within DivvyDrive (versions 4.8.2.9 to 4.8.3.1) that does not properly sanitize user-supplied data.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload containing JavaScript code.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the malicious payload into the vulnerable input field (e.g., a comment, profile field, or document name).\u003c/li\u003e\n\u003cli\u003eThe application stores the attacker\u0026rsquo;s payload in the database without proper sanitization.\u003c/li\u003e\n\u003cli\u003eA legitimate user accesses the page or feature where the malicious payload is stored and displayed.\u003c/li\u003e\n\u003cli\u003eThe user\u0026rsquo;s web browser executes the attacker\u0026rsquo;s JavaScript code.\u003c/li\u003e\n\u003cli\u003eThe malicious script can perform actions such as stealing the user\u0026rsquo;s session cookies.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen cookies to impersonate the user and gain unauthorized access to their account.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this stored XSS vulnerability (CVE-2026-5784) in DivvyDrive could allow an attacker to execute arbitrary JavaScript code in the context of other users\u0026rsquo; browsers. This could lead to account compromise, session hijacking, defacement of the DivvyDrive instance, or redirection of users to malicious websites. The CVSS v3.1 base score is rated as 8.8 (High), indicating a significant risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade DivvyDrive to version 4.8.3.2 or later to remediate the XSS vulnerability (CVE-2026-5784).\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to monitor for suspicious web requests containing common XSS payloads.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation and output encoding mechanisms to prevent XSS attacks.\u003c/li\u003e\n\u003cli\u003eRegularly review and update security practices to mitigate the risk of similar vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-07T13:16:13Z","date_published":"2026-05-07T13:16:13Z","id":"/briefs/2026-05-divvy-drive-xss/","summary":"DivvyDrive versions 4.8.2.9 before 4.8.3.2 are susceptible to stored cross-site scripting (XSS) due to improper neutralization of user-supplied input during web page generation, potentially allowing attackers to execute arbitrary JavaScript in a user's browser.","title":"DivvyDrive Stored XSS Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-divvy-drive-xss/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-6002"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["DivvyDrive (\u003e= 4.8.2.9, \u003c 4.8.3.2)"],"_cs_severities":["medium"],"_cs_tags":["xss","cve-2026-6002","web-application"],"_cs_type":"advisory","_cs_vendors":["DivvyDrive Information Technologies Inc."],"content_html":"\u003cp\u003eDivvyDrive versions 4.8.2.9 before 4.8.3.2 are vulnerable to cross-site scripting (XSS) due to improper neutralization of script-related HTML tags. This vulnerability, identified as CVE-2026-6002, can be exploited by an attacker to inject arbitrary JavaScript code into the context of a user\u0026rsquo;s browser session. Successful exploitation could lead to session hijacking, defacement of the web page, or redirection of the user to malicious websites. The vulnerability was reported by the Computer Emergency Response Team of the Republic of Turkey.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious URL containing a script-related HTML tag (e.g., \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e) within a parameter value.\u003c/li\u003e\n\u003cli\u003eA victim user clicks the malicious URL or is redirected to a page containing the crafted URL.\u003c/li\u003e\n\u003cli\u003eThe DivvyDrive application fails to properly sanitize the input, embedding the attacker\u0026rsquo;s script into the HTML output.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s browser executes the injected script, as it is rendered as part of the trusted web page.\u003c/li\u003e\n\u003cli\u003eThe malicious script steals the victim\u0026rsquo;s session cookies or other sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen cookies to impersonate the victim and gain unauthorized access to their account.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies the victim\u0026rsquo;s data or performs actions on their behalf, potentially causing damage to their data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this XSS vulnerability can lead to account compromise, data theft, and defacement of the DivvyDrive application. An attacker can steal session cookies, allowing them to impersonate legitimate users and perform unauthorized actions. The severity of the impact depends on the privileges of the compromised user and the extent to which the attacker can manipulate the application. The vulnerability affects versions 4.8.2.9 before 4.8.3.2 of DivvyDrive.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade DivvyDrive to version 4.8.3.2 or later to patch CVE-2026-6002.\u003c/li\u003e\n\u003cli\u003eImplement proper input validation and output encoding to prevent XSS attacks in DivvyDrive.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious URI containing script tag\u0026rdquo; to identify potential XSS attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious URI requests containing script tags or other potentially malicious content using the provided IOC (email address).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-07T13:16:13Z","date_published":"2026-05-07T13:16:13Z","id":"/briefs/2026-05-divvy-xss/","summary":"DivvyDrive versions 4.8.2.9 before 4.8.3.2 are susceptible to cross-site scripting (XSS) due to improper neutralization of script-related HTML tags, potentially allowing an attacker to inject malicious scripts.","title":"DivvyDrive Cross-Site Scripting (XSS) Vulnerability (CVE-2026-6002)","url":"https://feed.craftedsignal.io/briefs/2026-05-divvy-xss/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.6,"id":"CVE-2026-5791"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["DivvyDrive (4.8.2.9 to \u003c 4.8.3.2)"],"_cs_severities":["high"],"_cs_tags":["csrf","web-application","vulnerability"],"_cs_type":"advisory","_cs_vendors":["DivvyDrive Information Technologies Inc."],"content_html":"\u003cp\u003eDivvyDrive, a product of DivvyDrive Information Technologies Inc., is vulnerable to a Cross-Site Request Forgery (CSRF) vulnerability, identified as CVE-2026-5791. This flaw exists in versions 4.8.2.9 up to, but not including, version 4.8.3.2. CSRF vulnerabilities allow attackers to trick users into performing actions they did not intend to, potentially leading to unauthorized modifications or data breaches. Successful exploitation requires an authenticated user to interact with a malicious link or website controlled by the attacker. This could have serious implications for data security and integrity within organizations using affected versions of DivvyDrive.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious HTML page containing a forged request targeting a DivvyDrive function, such as changing a user\u0026rsquo;s password or modifying data.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious HTML page via email or other means, enticing a DivvyDrive user to visit the page while logged into their DivvyDrive account.\u003c/li\u003e\n\u003cli\u003eThe user, while authenticated to DivvyDrive, visits the attacker-controlled webpage.\u003c/li\u003e\n\u003cli\u003eThe malicious page automatically sends a request to the DivvyDrive server, appearing as if it originated from the logged-in user.\u003c/li\u003e\n\u003cli\u003eThe DivvyDrive server, lacking proper CSRF protection, processes the request as a legitimate action from the authenticated user.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s desired action is executed on the DivvyDrive server, potentially modifying user settings, data, or other system configurations.\u003c/li\u003e\n\u003cli\u003eThe impact could be privilege escalation, data manipulation, or account compromise depending on the targeted function.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5791 allows an attacker to perform actions as an authenticated user without their knowledge or consent. Depending on the targeted DivvyDrive functionality, this could lead to unauthorized data modification, privilege escalation, or complete account compromise. The severity is rated as critical with a CVSS v3.1 score of 9.6, highlighting the potential for significant impact. Organizations using vulnerable versions of DivvyDrive are at risk of data breaches and unauthorized system modifications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade DivvyDrive to version 4.8.3.2 or later to remediate CVE-2026-5791 as mentioned in the overview.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Potential CSRF Attempts via Referer Header\u0026rdquo; to identify suspicious requests lacking a proper Referer header, a common characteristic of CSRF attacks.\u003c/li\u003e\n\u003cli\u003eEnable web server logging and monitor for POST requests originating from unexpected domains as covered by the Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-07T13:16:13Z","date_published":"2026-05-07T13:16:13Z","id":"/briefs/2026-05-divvy-csrf/","summary":"DivvyDrive versions 4.8.2.9 through 4.8.3.2 are susceptible to cross-site request forgery (CSRF), allowing an attacker to execute unauthorized actions on behalf of an authenticated user.","title":"DivvyDrive Cross-Site Request Forgery Vulnerability (CVE-2026-5791)","url":"https://feed.craftedsignal.io/briefs/2026-05-divvy-csrf/"}],"language":"en","title":"CraftedSignal Threat Feed — DivvyDrive Information Technologies Inc.","version":"https://jsonfeed.org/version/1.1"}