Unknown · Divvydrive · CVE-2022-0900
**Name of the Vulnerable Software and Affected Versions**
DivvyDrive versions prior to 4.6.2.0
**Description**
The issue is related to improper neutralization of input during web page generation, also known as cross-site scripting. This allows for stored XSS attacks. A stored cross-site scripting vulnerability in DivvyDrive's `aciklama` parameter could allow anyone to gain users' session information.
**Recommendations**
For versions prior to 4.6.2.0, update to version 4.6.2.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the `aciklama` parameter to minimize the risk of exploitation.