Security Advisory

CVE-2026-31013

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-21 00:00:00

Last updated 2026-04-21 18:19:12

Assigner mitre

State PUBLISHED

Description

Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of arbitrary JavaScript in the victims browser.

← Browse all CVEs View on cve.org ↗