VYPR
Vendor

Dovestones

Products
3
CVEs
4
Across products
4
Status
Private

Products

3

Recent CVEs

4
  • CVE-2015-8267CriDec 24, 2015
    risk 0.65cvss 10.0epss 0.02

    The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.

  • CVE-2026-31014MedApr 21, 2026
    risk 0.41cvss 6.3epss 0.00

    Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and…

  • CVE-2026-31013MedApr 21, 2026
    risk 0.40cvss 6.1epss 0.00

    Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding,…

  • CVE-2026-36460MedJun 3, 2026
    risk 0.31cvss 4.8epss 0.00

    Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output…