VYPR

AD Phonebook

by Dovestones

CVEs (2)

  • CVE-2026-31013 | Med | Apr 21, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding,…

  • CVE-2026-36460 | Med | Jun 3, 2026
    risk 0.31 | cvss 4.8 | epss 0.00

    Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output…