CVE-2026-36460
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
4.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Description
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-79
Source
NVD
Discussion (0)
Add Comment
No comments yet. Be the first!