CVE-2026-31013

MEDIUM

6.1

Descripcion

Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of arbitrary JavaScript in the victim's browser.

Detalles CVE

Puntuacion CVSS v3.16.1

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado4/21/2026

Ultima modificacion4/23/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

dovestones:ad_phonebook

Debilidades (CWE)

CWE-79

Referencias

https://dovestones.com/download/(cve@mitre.org)

https://gist.github.com/pentestrox/a35cd5df1a5a84eabada897fc4ffcc79(cve@mitre.org)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.