CVE-2026-31013

· NIST NVD ↗

Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of arbitrary JavaScript in the victim's browser.

MEDIUM
CVSS severity
6.1
CVSS base score
2026-04-21
Published

CWE codes

CWE-79

Affected products

dovestones:ad_phonebook

Sources