CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-31013

Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of arbitrary JavaScript in the victim's browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.7%

CVSS Severity

CVSS v3 Score 6.1

References

https://dovestones.com/download/
https://gist.github.com/pentestrox/a35cd5df1a5a84eabada897fc4ffcc79

Products affected by CVE-2026-31013

Dovestones » Ad Phonebook » Version: Any

cpe:2.3:a:dovestones:ad_phonebook:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-31013

Products

Pricing

Contact Us