CVE-2026-31013

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N                                    

Vulnerability Description

Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of arbitrary JavaScript in the victim's browser.

Vulnerability Details

Published Date

April 21, 2026

Last Modified

April 21, 2026

CWE ID

CWE-79

Source

NVD

External References

https://dovestones.com/download/
https://gist.github.com/pentestrox/a35cd5df1a5a84eabada897fc4ffcc79

CVE-2026-31013

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment