Lucene search
K

9 matches found

NVD
NVD
added yesterday6 views

CVE-2026-5220

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.23 before v.4.8.3.1...

6.4CVSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-41010

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from v.4.8.2.23 before v.4.8.3.1...

5.4CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-6283

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from v.4.8.2.23 before v.4.8.3.1...

5.4CVSS5.8AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-5220

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.23 before v.4.8.3.1...

6.4CVSS5.8AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/07 3:38 p.m.16 views

EUVD-2026-28360

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS5.8AI score0.00327EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 12:54 p.m.18 views

CVE-2026-5784

The CVE-2026-5784 entry concerns DivvyDrive Information Technologies’ DivvyDrive product. It describes a Stored XSS vulnerability caused by improper neutralization of input during web page generation, affecting DivvyDrive versions 4.8.2.9 up to (and including) 4.8.3.1, with the issue fixed in 4.8...

8.8CVSS5.8AI score0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 12:50 p.m.40 views

CVE-2026-6002 HTML Injection in DivvyDrive Information Technologies' DivvyDrive

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS0.00327EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 12:40 p.m.19 views

CVE-2026-5791

DivvyDrive CSRF (Cross-Site Request Forgery) vulnerability (CVE-2026-5791) affects DivvyDrive Software prior to 4.8.3.2 (versions starting 4.8.2.9). Root cause is CSRF; impact is information-agnostic, with high integrity impact per the entry. Remediation: upgrade to version 4.8.3.2 or later. Expl...

6.5CVSS5.8AI score0.0015EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 3:24 a.m.28 views

CVE-2026-0909 WP ULike <= 4.8.3.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Log Deletion via 'id' Parameter

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

5.3CVSS0.00338EPSS
Exploits0References4
Rows per page
Query Builder